Hi vlahka,
How is the computer running, any remaining issues?
Hi vlahka,
How is the computer running, any remaining issues?
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
All my scanning comes up clean except for spybot which gives me a few things. One is listed as some sort of registry key trojan.
Search results from Spybot - Search & Destroy
10/08/2013 2:57:38 PM
Scan took 00:15:56.
16 items found.
Generic: [SBI $8E73A7FB] Interface (IspCommand) (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC856072-9CC4-4B33-8EBA-F62224A62A59}
Zedo: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Thor) (Browser: Cookie, nothing done)
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Cookie: [SBI $49804B54] Browser: Cookie (18) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (9) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (1) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (195) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-06-18 SDDisableProxy.exe
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDHookInst64.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-07-10 SDWelcome.exe (2.1.21.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-08-06 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDHook64.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-07-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-07-31 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-07-30 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-06-19 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-07-31 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Screenshot attached
Hi vlahka,
Do you get the same results after each scan with SpyBot? - TrojansC-05
If so, re-scan. When the list of malware is displayed slide the Location separator line (line between Location and Threat) to the right to fully expose the path of the Registry item that keeps coming up.
Take a screenshot or copy and paste the full path in your next reply.
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Yes all the same things in that screenshot keep popping up even after a fix and rescan. New screenshot attached
Hi vlahka,
After the SpyBot scan are you choosing to Fix Selected the items selected?
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Yes. It gives a green tick after but when I rescan they pop up all over again.
Hi vlahka,
You will continue to get items during your SpyBot scans, that is normal and should be removed each time. We are addressing the one registry item in our fix.
=========================
Tweaking.com Registry Backup
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
- Please download the installer for Registry Backup from here or here and save to your desktop.
- Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
- Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next >> Finish
- Once the GUI (graphical user interface) has appeared/loaded:-
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
=========================
Registry Edit
Warning. Please note that this fix is specific for this poster and should not be used by anyone else:
Please do this:
- Copy the contents of the Code Box below to Notepad.
- Name the file as fix.reg
- Change the Save as Type to All Files
- and Save it on the desktop
Make sure there are NO blank lines before Windows Registry Editor Version 5.00Code:Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC856072-9CC4-4B33-8EBA-F62224A62A59}]
Then double-click on the fix.reg file, and when it prompts to merge say yes.
=========================
Re-run a scan with SpyBot to see if issue is resolved.
OCD
----------
Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Its still showing after a scan.