[Solved] Advice needed please: should I just reformat?

Shalimar (Touching the Stars)
edited December 2006 in Spyware & Virus Removal
I am not sure as to what I am doing wrong; my PC shows no symptoms, and I only visit half a dozen sites at best. I am sorry, guys, but I really do not see that I am doing anything wrong. "This is irritating to say the least."

Doing my weekly scans:

AVG Antivirus 7.5, latest defs: "No infections found"

AVG Anti-Spyware, latest defs: "No problems found"

Ad-Aware Personal, latest defs, found the usual low-level threats, which it took care of.

I have a third party firewall installed also.

But!

Spybot Search & Destroy v1.4, latest defs, gave me the following, which it could not fix even after rebooting as requested: see attachment at the end of this post.
Everything was rosy last week; now this.

Should I just reformat and be done with it, or is this easily fixable?

Logfile of HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 7:11:05 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ICE-CAP 11-12-06\blackd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ICE-CAP 11-12-06\blackice.exe
D:\ScannerA-HJK\ScannerA.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ICE-CAP 11-12-06\blackice.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141558032593
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144242402984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4886/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ICE-CAP 11-12-06\blackd.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ICE-CAP 11-12-06\rapapp.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
O23 - Service: USBMate - Mega Corp. - C:\Program Files\Megatec\UPSilon 2000\USBMate.exe


No matter what I do, I cannot remove the red entries.

Comments

  • Trogan (London, UK)
    edited December 2006
    Hi Shalimar!

    Have you installed SpywareShooter's reg file recently?

    Could you post the log from Spybot please?

    Let's run CWShredder...

    Download CWShredder
    • Go here and download CWShredder -- Save it to your desktop.
    • Close all other windows and browsers
    • Open CWShredder
    • Click Fix and then press OK at the prompt
    • Once the scan is complete, exit CWShredder.
    I don't think it will find anything...


    Those entries may be false positives, and a reformat is not necessary. :)
  • Shalimar (Touching the Stars)
    edited December 2006
    Hi Trogan,

    "Have you installed SpywareShooter's reg file recently?"

    Yes, I did install it about a week ago, as I am trying to harden my PC against all the malware possible.

    CWShredder found nothing, as you said.

    Now, where do I look for the log for Spybot S&D? I went into the folder, but I cannot see any logs.

    Shal

    And thank you once again. :)

    Miss paranoid
  • Trogan (London, UK)
    edited December 2006
    Those entries are definitely false positives from Spybot. Read SpywareShooter's guide here.

    However, let me check the log from Spybot just to make sure. To do this, press the + next to the RED entries and copy and paste the registry keys here. (Not sure if that will work. I've forgotten how to produce a log from Spybot, since it's been a very long time. I'm running a scan now to find out how to do it.)
  • Shalimar (Touching the Stars)
    edited December 2006
    I have it open now with the red entries, but I am unable to do the copy-and-paste thing. I will continue trying different ways as well. :)
  • Trogan (London, UK)
    edited December 2006
    Found it:

    Right-click on the +, and select Save full report to file.


    I've got to go out now and won't be back for several hours. I'm 100% sure your computer is clean. :)
  • Shalimar (Touching the Stars)
    edited December 2006
    Thank you, Trogan,

    It will not give that option from the backup list, so I am running a full scan now.

    One question: can I install SpywareBlaster 3.5.1 without it clashing with SpywareShooter's reg file?

    I will post a report when the scan finishes, but now I am happy that you are 100% sure I am clean.

    I try my best not to get infected.

    Thank you, Trogan. :)
  • Shalimar (Touching the Stars)
    edited December 2006
    PS: You get going and when you get back you can check out the log.

    I iz happy now. :)
  • Shalimar (Touching the Stars)
    edited December 2006
    Done.:)

    My brother has drilled it into my head that you can never be too cautious online... so, in saying that:

    If it is antivirus, anti-trojanware, antispyware/malware/hackware, kitchenware, Tupperware, whateverware... then I will install the flipping thing, because I do not want anyone snooping around inside my baby. Da! :grr:

    Thanks once again, Trogan ("Urr, simply the best, baby" & Keebs, 'cause he fixed my folding sig); if the below looks good to you, then you can file this one away.

    Just a reminder: can I install SpywareBlaster 3.5.1 without it conflicting with SpywareShooter's reg file? Because I want to install SpywareBlaster 3.5.1 as well.

    PS: Thank you for pointing the link out; yours truly did not read it when downloading the reg file. :)

    Later

    --- Search result list ---
    Sgrunt: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\*!=W=4

    CoolWWWSearch: Domain settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwwwsearch.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcounter.biz\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotchbar.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com\*!=W=4

    CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com\*!=W=4

    CoolWWWSearch.Googlems: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\teensguru.com\*!=W=4

    CoolWWWSearch.Googlems: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com\*!=W=4

    CoolWWWSearch.Leftovers: Trusted Site (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4

    CoolWWWSearch.Mupdate: Trusted Site (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4

    CoolWWWSearch.Toolband: Trusted Site (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4

    CoolWWWSearch.WinRes: Trusted Site (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\i-lookup.com\*!=W=4

    CoolWWWSearch.WinRes: Trusted Site (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com\*!=W=4

    NeedEdware: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neededware.com\*!=W=4

    Smitfraud-C.: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asdbiz.biz\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\solongas.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\super-spider.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\*!=W=4

    XPreload: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sxload.com\*!=W=4

    Common Dialogs: History (23 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: ntbtlog.txt (Backup file, nothing done)
    C:\WINDOWS\ntbtlog.txt

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Internet Explorer: Download directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Internet Explorer\Download Directory!=

    MS Media Player: Anonymous ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

    MS DirectDraw: Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

    MS Paint: Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    Windows.OpenWith: Open with list - .BMP extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows Explorer: Run history (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: User Assistant history IE (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: User Assistant history files (25 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: Last visited history (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
  • Trogan (London, UK)
    edited December 2006
    Log looks fine. Entries look to be from SpywareShooter's reg file.

    And yes... you can install SpywareBlaster, and there should not be any problems. :)


    I'll mark this resolved. I'm sure you know where to come when you have a problem. :)
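The security-relevant detail behind Trogan's "false positive" call is the trailing number on every red Spybot entry. A key of the form `...\Internet Settings\ZoneMap\Domains\<domain>\* = 4` maps that domain to Internet Explorer's zone 4, "Restricted sites" (the URLZONE values are 0 Local machine, 1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites). Writing known-bad domains into zone 4 is exactly what a blocklist such as SpywareShooter's .reg file does, so Spybot is flagging hardening, not a hijack. The genuine CoolWebSearch-era attack was the reverse: putting a bad domain into zone 2 (Trusted) or lower, so its content ran with more privilege than ordinary web pages. The script below is an added example written for this page, not code from the thread or from Spybot; it parses a Spybot "Search result list", decodes the zone number for each ZoneMap entry, and separates Restricted-zone entries (leave them) from entries in a privileged zone (investigate). The sample report embeds three lines copied from the log above plus one constructed entry (`example-hijack.test` in zone 2) to show what a real bad zone map would look like; the letter between `!=` and the number (`W`, `B`) is treated as an opaque type marker, which is an assumption about Spybot's log notation.

```python
"""Decode the IE security-zone number in Spybot S&D "ZoneMap" findings.

Added example, not from the thread. A Spybot line of the form
    ...\Internet Settings\ZoneMap\Domains\<domain>\*!=W=<n>
records a per-domain Internet Explorer zone assignment; <n> is the zone.
Zone 4 ("Restricted sites") is what a blocklist .reg file writes and is
harmless. A known-bad domain in zone 2, 1 or 0 is the actual hijack pattern.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Tuple

# Internet Explorer URL security zones (the URLZONE_* constants).
ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# A bad domain in one of these zones gets *more* trust than ordinary web content.
PRIVILEGED_ZONES = {0, 1, 2}

# Spybot writes "<registry path>!=<type letter>=<value>" for a registry change.
# The type letter is kept as an opaque marker (assumption: it denotes the value
# type); only the numeric zone is interpreted.
ZONEMAP_RE = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+(?:\\S-1-5-[\d-]+)?)\\"
    r"Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
    r"(?P<scope>Domains|EscDomains)\\(?P<domain>[^\\]+)\\(?P<host>[^!]+)"
    r"!=(?P<type>[A-Z])=(?P<zone>\d+)$",
    re.IGNORECASE,
)

# Detection header, e.g. "CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)".
HEADER_RE = re.compile(r"^(?P<name>\S[^:]*):\s+.*\(.*\)$")

# Constructed sample: three entries copied from the report in the thread plus one
# fabricated entry (example-hijack.test mapped to zone 2) and one non-ZoneMap line.
SAMPLE_REPORT = r"""
--- Search result list ---
Sgrunt: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\*!=W=4

CoolWWWSearch.Leftovers: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

Constructed.Hijack: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-hijack.test\*!=W=2

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-507921405-1454471165-682003330-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0
"""


@dataclass(frozen=True)
class ZoneFinding:
    detection: str  # Spybot detection name the path was listed under
    domain: str
    zone: int

    @property
    def zone_name(self) -> str:
        return ZONE_NAMES.get(self.zone, f"unknown zone {self.zone}")

    @property
    def suspicious(self) -> bool:
        """True when the domain is granted more trust than the Internet zone."""
        return self.zone in PRIVILEGED_ZONES


def parse_spybot_report(text: str) -> List[ZoneFinding]:
    """Pair each ZoneMap registry path with the detection header above it."""
    findings: List[ZoneFinding] = []
    detection = "?"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):
            continue
        m = ZONEMAP_RE.match(line)
        if m:
            findings.append(ZoneFinding(detection, m["domain"].lower(), int(m["zone"])))
            continue
        h = HEADER_RE.match(line)
        if h:
            detection = h["name"]
    return findings


def summarize(findings: List[ZoneFinding]) -> Tuple[List[str], List[ZoneFinding]]:
    """Split findings into Restricted-zone domains (blocklist) and real concerns."""
    restricted = sorted({f.domain for f in findings if f.zone == 4})
    suspicious = [f for f in findings if f.suspicious]
    return restricted, suspicious


if __name__ == "__main__":
    found = parse_spybot_report(SAMPLE_REPORT)
    blocked, bad = summarize(found)
    print(f"{len(blocked)} domain(s) in Restricted sites (blocklist, leave alone):")
    for d in blocked:
        print("  ", d)
    print(f"{len(bad)} domain(s) in a privileged zone (investigate):")
    for f in bad:
        print(f"   {f.domain} -> {f.zone_name} (flagged as {f.detection})")
```

Run against a full "Save full report to file" export, every red entry in the thread decodes to zone 4, which is why the right action was to leave them; only a zone 2/1/0 hit for a flagged domain would justify cleanup, let alone a reformat.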
This discussion has been closed.