I found a trojan and some spyware on the registry of my PC. Would a reinstall restore the registry to when I first bought it? The thing is, I’ve done that, and the trojan and spyware still shows up in the registry keys when I do a scan.

I’m looking for a registry cleaner where I can manually select keys by software vendor for Windows XP. A program called RegCleaner did it for me, but since I have a new pc (also runs XP) it doesn’t work for me.

Now most registry cleaners will scan automatically, but they are quite useless and dangerous to use. Are there any other registry cleaners out there that don’t scan / delete anything automatically but make it easier for me to identify the keys I want to throw out?
http://www.filehippo.com/screenshot/ccleaner/3411_2/

Good tip, but I really need one that will clear out the registry keys per software vendor. This one only scans for issues.

Help. Does anyone know what registry keys to modify/remove in order to wipe out all remnants of norton internet security 2006? I have tried the norton uninstaller tool already.

My problem is, I have purchased Norton internet security 2007, and it keeps associating it to the key I had installed for Norton Internet Security 2006, even though that product has been removed. I never am given a chance to enter my NIS 2007 key. Norton software claims that my subscription has already expired – since it is counting days based on my old 2006 key.

This is a legitimately purchased NIS 2007, ebay of course, but legal with a 365 day key.

I thought I’d solved the problem but it turned out I hadn’t. I got a couple of trojan viruses on my computer the other day, even with NOD32 and Malwarebytes’ AntiMalware, Ad-aware, and Spybot Search and Destroy, which I know are all very good. I scanned with Malwarebytes,and it found two trojans. Here’s the log:

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I deleted the two trojans, so everything was working again (I wasn’t being redirected to other sites on the internet anymore). However, this morning, the same problem has come back. I’m assuming that there is a rootkit installed somewhere, but nothing can find it. I’ve also scanned with VundoFix and RogueRemover, which didn’t find anything either. I scanned with SmitFraudFix, and the log after that came up with a HUGE list of random websites, and then this (sorry for the long question):

Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] – Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

”'(The list of lots of websites fits in here)”’

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri’s WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) – Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A94E023C-3A73-4B59-B35B-7AB609AC87BD}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A94E023C-3A73-4B59-B35B-7AB609AC87BD}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A94E023C-3A73-4B59-B35B-7AB609AC87BD}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

I’ve tried deleting what SmitFraudFix has found, but it doesn’t seem to work. If I do the scan again on SFF straight afterwards, it finds the same things, but doesn’t delete them.

So, what else is there to do? Haven’t I tried everything? Please don’t recommend programs like AVG, Norton, McAffee and Avast because they are not as good as the ones I am using, and are unlikely to find the rootkit if they better antiviruses can’t.

Thanks!

Auslogics Registry Cleaner VS Wise Registry Cleaner! Both have a "safe/recommended" cleaning mode… but first has just "safe/recommended" cleaning areas, and the second has a specific ranking of the registry keys/values for all the categories! So, which one is SAFER and more EFFICIENT?

Please – install both and try searching (not cleaning), then tell your opinion(s)! Thanks a lot.

P.S. If you know more programs/software like these (with a "safe/recommended" mode) – please, submit!
P.P.S. A freeware is more likely!

Sources:
http://www.auslogics.com/en/software
http://www.wisecleaner.com/download.html
Thanks, vk! Your opinion is counted. But I need more opinions… so, please! How come this post aren’t marked as interesting yet? Isn’t what you were looking for, is a safe and efficient registry cleaner? By the way – a good registry cleaner can save you time to not reinstall OS in each 3/6 months! So, I’m waiting on more comments, dudes. Thanks again!

P.S. Please, rate each registry cleaner’s safety and efficiency by 3 stars rating… 1 = unsafe, 2 = regular, 3 = safe & 1 = unefficient, 2 = regular, 3 = efficient… or by your system (if you wish so).
Thanks, Cannon F! Utilitie, that you’ve found is impressive, but it isn’t FREE.

I need more opinions!

For those, who didn’t understood:

1. Auslogics Registry Cleaner can identify "safe/recommended" areas for cleaning.
2. Wise Registry Cleaner can identify a "safe/recommended" to remove keys in any areas.
3. So which is SAFER?
4. Which is more EFFICIENT?

Any testers to test the safety of an algorithm(s) of each tool? Any new suggestions (programs) with something like "safe/recommended" mode?

P.S. About Auslogics Registry Cleaner to crash a system – that wasn’t happening to me since it was released!

Waiting… 8|
What I’ve discovered bad about Auslogics Registry Cleaner (and suffered from that)… it is set by default to remove a recovery archives older than 30 days and it is set by default as well to limit an archives count to 100. So please – be aware! You can loose of your old registry keys forever, just like me! >_<
Thanks, Daniel! You’ve helped too. Is there anyone more, who can advice a good or a really good registry cleaning/maintaining software (good, if it’s free)? Maybe several software in a rank? The main for me is a CORRECTNESSY and SAFETY in findings of obsolete/invalid registry entries… and of course some performance boost after that ;). P.S. It is known now, that I’ve losted some of the registry entries forever, so I’m asking… I’ve made a registry backup with ERUNT few months ago… so, will it take my registry to the old state (>_<) or just add the old registry keys, that I’ve lost (^_^)? Thanks! 🙂 P.P.S. Please, if you’re reading this, and you know the sence in registry cleaning software – put/post some here (freeware is more likely)! Thx.
Correctnessy = good algorithm(s)…

Paid is not so previleged, but can be offered too…