
Thread: Need help removing Win32agent.abd V2

#21 - Emeritus-Security Expert (Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208)

    Let's get rid of them.

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{1E648A66-EA59-4BEE-97A7-AB258586E914}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKLM\..\SearchScopes\{1E648A66-EA59-4BEE-97A7-AB258586E914}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\..\SearchScopes\{1E648A66-EA59-4BEE-97A7-AB258586E914}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Dave\AppData\Roaming\FLup.exe
      C:\Users\Dave\AppData\Roaming\flmem.exe
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <-- not Run Scan
    • Let the program run unhindered; reboot when it is done.
    • Then post the results of the log it produces.



    Then run another scan with OTL and let me take a final look.
    Last edited by ken545; 2013-11-21 at 12:23.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

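An added check, not part of ken545's post and not OTL's own code: the PowerShell below audits, read-only, the same places the fix script above targets, so the result can be confirmed after the reboot (and re-checked later if the hijack seems to come back). The SearchScope GUID, the SweetPacks extension GUID, the two dropped executables and the localhost-only hosts file are taken from the fix and its log in this thread; the `$ExpectedSearch` pattern (bing/google counted as clean) and the `Invoke-HijackAudit` function name are assumptions for this example. It assumes an elevated 64-bit PowerShell 3.0 or later session, so both the native and the Wow6432Node registry views are reachable.

```powershell
# Added example for this thread: read-only audit of the locations the OTL fix touches.
# Not OTL's code and not ken545's script. Assumes elevated 64-bit PowerShell 3.0+.
# GUIDs, file names and the hosts path come from the fix; the "expected" search
# engines (bing/google) are an assumption for the example.

$HijackScope    = '{1E648A66-EA59-4BEE-97A7-AB258586E914}'   # ask.com SearchScope removed by the fix
$SweetPacksExt  = '{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}'   # "Updater by SweetPacks" Firefox extension
$DroppedFiles   = @("$env:APPDATA\FLup.exe", "$env:APPDATA\flmem.exe")
$ExpectedSearch = 'bing\.com|google\.com'                    # assumption: what a clean scope points at

function Invoke-HijackAudit {
    # 1. IE SearchScopes: native and WOW6432 views of HKLM, plus every loaded user hive (SID keys).
    $scopeKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($hive in (Get-ChildItem Registry::HKEY_USERS | Where-Object { $_.PSChildName -match '^S-1-5-21-(\d+-){3}\d+$' })) {
        $scopeKeys += "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Internet Explorer\SearchScopes"
    }
    foreach ($key in $scopeKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($scope in (Get-ChildItem $key)) {
            $url = (Get-ItemProperty $scope.PSPath -ErrorAction SilentlyContinue).URL
            # Flag the known hijack GUID, and any scope whose URL is not one of the expected engines.
            $bad = ($scope.PSChildName -eq $HijackScope) -or ($url -notmatch $ExpectedSearch)
            [pscustomobject]@{ Check = 'SearchScope'; Location = $scope.PSPath; Value = $url;
                               Status = $(if ($bad) { 'REVIEW' } else { 'ok' }) }
        }
    }

    # 2. Firefox extensions registered through the registry (value name = extension ID, data = install path).
    $extKeys = @(
        'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
        'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
    )
    foreach ($key in $extKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty $key
        foreach ($prop in ($values.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            [pscustomobject]@{ Check = 'FirefoxExtension'; Location = "$key\$($prop.Name)"; Value = $prop.Value;
                               Status = $(if ($prop.Name -eq $SweetPacksExt) { 'REVIEW' } else { 'ok' }) }
        }
    }

    # 3. Hosts file: [resethosts] leaves only the two localhost lines; anything else deserves a look.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $extra = @(Get-Content $hostsPath | Where-Object {
        $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
    })
    [pscustomobject]@{ Check = 'Hosts'; Location = $hostsPath; Value = ($extra -join ' | ');
                       Status = $(if ($extra.Count) { 'REVIEW' } else { 'ok' }) }

    # 4. Dropped executables the fix moved: they must not have reappeared.
    foreach ($file in $DroppedFiles) {
        [pscustomobject]@{ Check = 'File'; Location = $file; Value = '';
                           Status = $(if (Test-Path $file) { 'REVIEW' } else { 'ok' }) }
    }
}

Invoke-HijackAudit | Format-Table -AutoSize -Wrap
```

Run it once after the reboot: every row should read "ok". A "REVIEW" row on a SearchScope or extension means either a leftover the fix did not reach or something re-created it, which is the case where the expert would want to see the next OTL scan rather than just the fix log.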

#22 - Junior Member (Join Date: Nov 2013 | Posts: 20)

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E648A66-EA59-4BEE-97A7-AB258586E914}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E648A66-EA59-4BEE-97A7-AB258586E914}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E648A66-EA59-4BEE-97A7-AB258586E914}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E648A66-EA59-4BEE-97A7-AB258586E914}\ not found.
    Registry key HKEY_USERS\S-1-5-21-314040103-2103137544-3480878236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1E648A66-EA59-4BEE-97A7-AB258586E914}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E648A66-EA59-4BEE-97A7-AB258586E914}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Users\Dave\AppData\Roaming\FLup.exe moved successfully.
    File\Folder C:\Users\Dave\AppData\Roaming\flmem.exe not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Dave\Desktop\cmd.bat deleted successfully.
    C:\Users\Dave\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Dave
    ->Java cache emptied: 11273245 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 11.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Dave
    ->Temp folder emptied: 3270917 bytes
    ->Temporary Internet Files folder emptied: 13054763 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 374397890 bytes
    ->Flash cache emptied: 23762 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2741839 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 375.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11212013_154313

    Files\Folders moved on Reboot...
    C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    flmem.exe was detected by my AVG this morning when I booted the computer, so it may have got rid of it before the fix. Took it long enough. Running scan now...

#23 - Junior Member (Join Date: Nov 2013 | Posts: 20)

    OTL logfile created on: 11/21/2013 3:50:58 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 6.15 Gb Available Physical Memory | 76.97% Memory free
    15.98 Gb Paging File | 14.05 Gb Available in Paging File | 87.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.92 Gb Total Space | 490.96 Gb Free Space | 71.47% Space Free | Partition Type: NTFS
    Drive D: | 11.48 Gb Total Space | 1.37 Gb Free Space | 11.91% Space Free | Partition Type: NTFS

    Computer Name: DABBA | User Name: Dave | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Dave\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe (AVG Secure Search)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe (AVG Secure Search)
    PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
    PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
    PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
    PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
    DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
    DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
    DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
    DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C8903C79-0E09-4AE1-B3CA-DDE241B966D2}
    IE:64bit: - HKLM\..\SearchScopes\{C8903C79-0E09-4AE1-B3CA-DDE241B966D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{C8903C79-0E09-4AE1-B3CA-DDE241B966D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\..\SearchScopes\{C8903C79-0E09-4AE1-B3CA-DDE241B966D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/17 00:55:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/17 00:55:38 | 000,000,000 | ---D | M]

    [2012/12/11 18:25:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
    [2013/11/10 19:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\7bgji6j6.default-1384041306188\extensions
    [2013/04/26 19:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\u5jbqad1.default\extensions
    [2013/04/26 19:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\u5jbqad1.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2013/11/15 14:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/11/15 14:23:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/11/15 14:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/11/15 14:23:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/11/15 14:23:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    [2013/05/21 02:50:26 | 000,003,723 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

    O1 HOSTS File: ([2013/11/21 15:43:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\..Trusted Domains: blank ([]about in Computer)
    O15 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-314040103-2103137544-3480878236-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.13.180 167.206.13.181
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72DDDCEC-1CB8-4313-90DE-5F0BF598EF66}: DhcpNameServer = 167.206.13.180 167.206.13.181
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/21 15:43:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/11/19 23:48:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/11/19 23:24:25 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\dclogs
    [2013/11/19 15:14:14 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\adawarebp
    [2013/11/19 15:00:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/11/19 14:59:03 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\ProcAlyzer Dumps
    [2013/11/19 14:56:19 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Dave\Desktop\JRT.exe
    [2013/11/18 22:25:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/17 23:03:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
    [2013/11/17 16:16:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/11/17 16:03:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/11/17 16:03:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/11/17 16:03:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/11/17 16:03:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/11/17 16:03:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/11/17 16:00:51 | 005,146,587 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
    [2013/11/15 14:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/11/14 22:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2013/11/13 03:17:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/11/13 03:17:32 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/11/13 03:17:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/11/13 03:17:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/11/13 03:17:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/11/13 03:17:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/11/13 03:17:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/11/13 03:17:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/11/13 03:17:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/11/13 03:17:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/11/13 03:17:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/11/13 03:17:30 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/11/13 03:17:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/11/13 03:17:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/11/13 03:17:28 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/11/12 13:45:50 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/11/12 13:45:42 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/11/12 13:45:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/11/12 13:45:42 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2013/11/12 13:45:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2013/11/12 13:45:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2013/11/12 13:45:40 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
    [2013/11/12 13:45:39 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
    [2013/11/12 13:45:39 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
    [2013/11/12 13:45:39 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
    [2013/11/12 13:45:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
    [2013/11/09 19:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/11/09 18:25:53 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes
    [2013/11/09 18:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/11/09 18:25:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/11/09 18:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/11/07 23:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/11/07 23:16:08 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/11/07 23:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/11/07 23:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/11/07 04:52:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\LaunchpadEnhanced
    [2013/11/07 04:51:43 | 000,000,000 | ---D | C] -- C:\SWGEmu
    [2013/11/07 04:51:16 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\LPECommon
    [2013/11/07 04:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWGEmu
    [2013/11/07 04:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launchpad Enhanced
    [2013/11/07 04:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarWarsGalaxies
    [2013/11/07 04:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars Galaxies
    [2013/11/07 04:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
    [2013/11/07 04:33:31 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\PowerISO
    [2013/11/07 04:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
    [2013/11/07 04:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
    [2013/10/22 21:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [1 C:\Users\Dave\*.tmp files -> C:\Users\Dave\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/21 15:48:32 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2013/11/21 15:47:59 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rmv.job
    [2013/11/21 15:47:59 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
    [2013/11/21 15:47:58 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rel.job
    [2013/11/21 15:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/21 15:47:22 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/21 15:45:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/21 15:45:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/21 15:43:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2013/11/19 14:56:21 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Dave\Desktop\JRT.exe
    [2013/11/18 22:24:01 | 001,085,542 | ---- | M] () -- C:\Users\Dave\Desktop\AdwCleaner.exe
    [2013/11/17 23:03:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
    [2013/11/17 16:00:53 | 005,146,587 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
    [2013/11/14 22:22:25 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2013/11/14 22:22:25 | 000,001,933 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2013/11/13 22:35:50 | 000,781,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/11/13 22:35:50 | 000,661,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/11/13 22:35:50 | 000,121,796 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/11/12 22:28:01 | 000,003,733 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2013/11/12 22:27:34 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/11/11 20:25:40 | 000,000,512 | ---- | M] () -- C:\Users\Dave\Desktop\MBR.dat
    [2013/11/09 19:20:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/11/07 23:16:12 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/11/07 04:50:46 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Launchpad Enhanced.exe.lnk
    [2013/11/07 04:44:38 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars Galaxies.lnk
    [2013/11/07 04:27:52 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2013/10/23 09:11:22 | 000,129,944 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
    [2013/10/22 21:39:12 | 000,004,895 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
    [2013/10/22 21:39:10 | 000,000,290 | ---- | M] () -- C:\Windows\SysWow64\usergui.cfg
    [2013/10/22 21:38:51 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [1 C:\Users\Dave\*.tmp files -> C:\Users\Dave\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/18 22:23:39 | 001,085,542 | ---- | C] () -- C:\Users\Dave\Desktop\AdwCleaner.exe
    [2013/11/17 16:03:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/11/17 16:03:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/11/17 16:03:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/11/17 16:03:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/11/17 16:03:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/11/11 20:25:40 | 000,000,512 | ---- | C] () -- C:\Users\Dave\Desktop\MBR.dat
    [2013/11/09 19:20:53 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/11/09 19:20:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/11/07 23:16:12 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/11/07 23:16:12 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/11/07 04:50:46 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Launchpad Enhanced.exe.lnk
    [2013/11/07 04:44:38 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars Galaxies.lnk
    [2013/11/04 19:44:45 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rel.job
    [2013/11/04 19:44:44 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rmv.job
    [2013/09/21 23:07:35 | 000,773,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/09/16 20:33:31 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2013/09/16 20:33:28 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2013/06/26 15:07:11 | 000,003,733 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2012/11/19 03:15:53 | 000,004,168 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\wklnhst.dat
    [2012/11/19 00:54:53 | 000,142,891 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist
    [2012/11/19 00:43:08 | 000,000,454 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\com.kennettnet.MusicRescue4.plist
    [2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/04/25 23:33:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Ad-Aware Antivirus
    [2012/11/18 21:48:17 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVG2013
    [2013/11/07 04:33:19 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Azureus
    [2013/11/21 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\dclogs
    [2013/05/28 21:53:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\e-academy Inc
    [2013/11/07 04:51:16 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\LPECommon
    [2013/11/07 04:33:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PowerISO
    [2013/08/22 19:59:43 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Rogue Legacy
    [2013/07/19 15:36:43 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SplitMediaLabs
    [2012/11/19 03:15:56 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Template
    [2013/11/21 04:46:12 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TS3Client
    [2012/11/18 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TuneUp Software
    [2013/10/11 20:57:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Wargaming.net

    ========== Purity Check ==========



    < End of report >

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    How are things running now, any problems ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #25
    Junior Member
    Join Date
    Nov 2013
    Posts
    20

    Default

    I'll have to give it a few days, as I honestly did not know the trojan was there until I had some annoying browser issues that could have been unrelated. Things seem good, and I'm going to run a scan with Spybot just to make sure right now. It's weird that AVG only pointed out these trojans after they were manually scanned on that website!

  6. #26
    Junior Member
    Join Date
    Nov 2013
    Posts
    20

    Default

    Search results from Spybot - Search & Destroy

    11/21/2013 7:34:58 PM
    Scan took 00:27:30.
    61 items found.

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\cdn.innovid.com\InnovidExtension.sol
    Properties.size=175
    Properties.md5=9BBA2AFF2E4BEFC9475E2EE53C9DB313
    Properties.filedate=1385071357
    Properties.filedatetext=2013-11-21 17:02:37

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\cdn.oggifinogi.com\Communicator.Validation.sol
    Properties.size=65
    Properties.md5=67AEF2A1FACF5B7896B7FD01DD4D9CD5
    Properties.filedate=1385067811
    Properties.filedatetext=2013-11-21 16:03:30

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\player.ooyala.com\adsets.sol
    Properties.size=54
    Properties.md5=9817179EB2DE7A85106D252BF75879A9
    Properties.filedate=1385074358
    Properties.filedatetext=2013-11-21 17:52:38

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\player.ooyala.com\auth.sol
    Properties.size=47
    Properties.md5=CFEFAAA55FA5131C70A82FD412BE74C2
    Properties.filedate=1385070352
    Properties.filedatetext=2013-11-21 16:45:51

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\player.ooyala.com\auth2.sol
    Properties.size=253
    Properties.md5=575D01489D3269B3DADB8DCE7F35232D
    Properties.filedate=1385080061
    Properties.filedatetext=2013-11-21 19:27:40

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\player.ooyala.com\auth_id.sol
    Properties.size=40
    Properties.md5=4D8ABC885EBEA1988A6D0559C14C1E5A
    Properties.filedate=1385070352
    Properties.filedatetext=2013-11-21 16:45:52

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\player.ooyala.com\ooyala_guid.sol
    Properties.size=63
    Properties.md5=64A940C2527A8BD8816CEF3E14C3E570
    Properties.filedate=1385070353
    Properties.filedatetext=2013-11-21 16:45:52

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\player.ooyala.com\perf.sol
    Properties.size=127
    Properties.md5=4B4481E4CD2B511B24EF6123F4AB746F
    Properties.filedate=1385080061
    Properties.filedatetext=2013-11-21 19:27:40

    Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\s.ytimg.com\soundData.sol
    Properties.size=49
    Properties.md5=0B4E5168D61A6F18D795FF4ADE6AA110
    Properties.filedate=1385075281
    Properties.filedatetext=2013-11-21 18:08:01

    Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
    C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\skype.com\#ui\preferences.sol
    Properties.size=233
    Properties.md5=142B61A334BF619F104589257F296159
    Properties.filedate=1385067857
    Properties.filedatetext=2013-11-21 16:04:17

    Win32.Agent.adb: [SBI $AAEB5E52] Settings (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-314040103-2103137544-3480878236-1001\Software\DC3_FEXEC

    DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    BurstMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Zedo: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    CasaleMedia: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    FastClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-314040103-2103137544-3480878236-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-314040103-2103137544-3480878236-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-314040103-2103137544-3480878236-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-314040103-2103137544-3480878236-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Browser: Cookie (12) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (52) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (46) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (1576) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

    2013-09-20 blindman.exe (2.2.18.151)
    2013-09-20 explorer.exe (2.2.18.177)
    2013-09-20 SDBootCD.exe (2.2.18.109)
    2013-09-20 SDCleaner.exe (2.2.18.110)
    2013-09-20 SDDelFile.exe (2.2.18.94)
    2013-06-18 SDDisableProxy.exe
    2013-09-20 SDFiles.exe (2.2.18.135)
    2013-09-20 SDFileScanHelper.exe (2.2.16.1)
    2013-10-15 SDFSSvc.exe (2.2.25.211)
    2013-10-10 SDHookHelper.exe (2.3.30.2)
    2013-10-10 SDHookInst32.exe (2.3.30.2)
    2013-10-10 SDHookInst64.exe (2.3.30.2)
    2013-09-20 SDImmunize.exe (2.2.18.130)
    2013-05-16 SDLogReport.exe (2.1.18.107)
    2013-10-14 SDOnAccess.exe (2.2.25.4)
    2013-09-20 SDPESetup.exe (2.2.18.3)
    2013-09-20 SDPEStart.exe (2.2.18.86)
    2013-09-20 SDPhoneScan.exe (2.2.18.28)
    2013-09-20 SDPRE.exe (2.2.18.22)
    2013-09-20 SDPrepPos.exe (2.2.18.10)
    2013-09-20 SDQuarantine.exe (2.2.18.103)
    2013-09-20 SDRootAlyzer.exe (2.2.18.116)
    2013-09-20 SDSBIEdit.exe (2.2.18.39)
    2013-09-20 SDScan.exe (2.2.18.177)
    2013-09-20 SDScript.exe (2.2.18.53)
    2013-10-15 SDSettings.exe (2.2.25.138)
    2013-09-20 SDShell.exe (2.2.18.2)
    2013-09-20 SDShred.exe (2.2.18.107)
    2013-09-20 SDSysRepair.exe (2.2.18.101)
    2013-09-20 SDTools.exe (2.2.18.150)
    2013-07-25 SDTray.exe (2.1.21.129)
    2013-09-20 SDUpdate.exe (2.2.18.91)
    2013-09-20 SDUpdSvc.exe (2.2.18.76)
    2013-09-20 SDWelcome.exe (2.2.21.129)
    2013-09-13 SDWSCSvc.exe (2.2.22.2)
    2013-06-19 spybotsd2-translation-frx.exe
    2013-11-07 unins000.exe (51.1052.0.0)
    1999-12-02 xcacls.exe
    2012-08-23 borlndmm.dll (10.0.2288.42451)
    2012-09-05 DelZip190.dll (1.9.0.107)
    2012-09-10 libeay32.dll (1.0.0.4)
    2012-09-10 libssl32.dll (1.0.0.4)
    2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
    2013-05-16 SDAV.dll
    2013-05-16 SDECon32.dll (2.1.18.113)
    2013-05-16 SDECon64.dll (2.1.18.113)
    2013-04-05 SDEvents.dll (2.1.16.2)
    2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
    2013-10-10 SDHook32.dll (2.3.30.2)
    2013-10-10 SDHook64.dll (2.3.30.2)
    2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
    2013-05-16 SDLicense.dll (2.1.18.0)
    2013-05-16 SDLists.dll (2.1.18.4)
    2013-05-16 SDResources.dll (2.1.18.7)
    2013-05-16 SDScanLibrary.dll (2.1.18.131)
    2013-05-16 SDTasks.dll (2.1.18.15)
    2013-05-16 SDWinLogon.dll (2.1.18.0)
    2012-08-23 sqlite3.dll
    2012-09-10 ssleay32.dll (1.0.0.4)
    2013-05-16 Tools.dll (2.1.18.36)
    2013-11-12 Includes\Adware.sbi (*)
    2013-11-12 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2012-11-14 Includes\DialerC.sbi (*)
    2012-11-14 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2012-11-14 Includes\HijackersC.sbi (*)
    2013-10-16 Includes\iPhone.sbi (*)
    2013-06-25 Includes\Keyloggers.sbi (*)
    2013-10-29 Includes\KeyloggersC.sbi (*)
    2013-05-29 Includes\Malware.sbi (*)
    2013-11-06 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-10-22 Includes\PUPSC.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2013-10-29 Includes\SecurityC.sbi (*)
    2013-05-22 Includes\Spyware.sbi (*)
    2013-08-06 Includes\SpywareC.sbi (*)
    2011-06-07 Includes\Tracks.sbi (*)
    2012-11-19 Includes\Tracks.uti (*)
    2013-01-16 Includes\Trojans.sbi (*)
    2013-05-13 Includes\TrojansC-02.sbi (*)
    2013-11-12 Includes\TrojansC-03.sbi (*)
    2013-10-22 Includes\TrojansC-04.sbi (*)
    2013-05-08 Includes\TrojansC-05.sbi (*)
    2013-08-06 Includes\TrojansC.sbi (*)

    I still see the Trojan in the Reg. Is this just a leftover trace or should it still be considered malicious?
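To separate the one real hit in that report (the Win32.Agent.adb registry key) from the privacy "usage track" noise around it, here is an added Python triage script; it is not Spybot's code and was not posted in the thread. It parses the finding-header layout shown above, escalates anything that is not a known usage-track description, and checks the parsed count against the "items found" line; the embedded sample is a four-finding excerpt of the report above.

```python
"""Triage a Spybot - Search & Destroy 2 scan report (added example).

Report layout handled here (as seen in the thread):
    <Name>: [SBI $<id>] <Description> (<Kind>, <action>)
    <optional file path or registry key>
    Properties.<key>=<value>   (zero or more)
Findings are separated by blank lines; a "--- Spybot ..." line ends them.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HEADER_RE = re.compile(
    r"^(?P<name>[^:]+): \[SBI \$(?P<sbi>[0-9A-F]{8})\] "
    r"(?P<desc>.+?) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)$"
)
ITEMS_RE = re.compile(r"^(?P<n>\d+) items? found\.$")

# Descriptions and kinds Spybot uses for privacy "usage tracks" rather than
# malware. Anything that does not match is escalated for a human look.
TRACK_DESCS = (
    "Tracking cookie", "Text file", "User agent", "Most recent application",
    "Recent file global history", "Computer name", "Unique ID",
    "Volume serial number",
)
TRACK_KINDS = ("Browser: Cookie", "Browser: Cache", "Browser: History")


@dataclass
class Finding:
    name: str
    sbi: str
    desc: str
    kind: str
    action: str
    location: Optional[str] = None
    props: Dict[str, str] = field(default_factory=dict)

    @property
    def category(self) -> str:
        if self.kind in TRACK_KINDS or self.desc.startswith(TRACK_DESCS):
            return "usage-track"
        return "review"  # not a known privacy track: possible malware


def parse_report(text: str):
    """Return (declared item count, list of Finding) for one report."""
    declared: Optional[int] = None
    findings: List[Finding] = []
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current finding block
            continue
        if line.startswith("---"):
            break  # the version/module listing follows the findings
        m = ITEMS_RE.match(line)
        if m:
            declared = int(m.group("n"))
            continue
        m = HEADER_RE.match(line)
        if m:
            current = Finding(**m.groupdict())
            findings.append(current)
            continue
        if current is None:
            continue  # preamble such as the scan timestamp
        if line.startswith("Properties."):
            key, _, value = line[len("Properties."):].partition("=")
            current.props[key] = value
        elif current.location is None:
            current.location = line  # file path or registry key
    return declared, findings


def triage(text: str) -> dict:
    """Split findings into usage tracks and items needing review."""
    declared, findings = parse_report(text)
    return {
        "declared": declared,
        "parsed": len(findings),
        "complete": declared is None or declared == len(findings),
        "review": [f for f in findings if f.category == "review"],
        "tracks": [f for f in findings if f.category == "usage-track"],
    }


# Four-finding excerpt of the report posted above (values from the thread).
SAMPLE_REPORT = r"""
Search results from Spybot - Search & Destroy

11/21/2013 7:34:58 PM
Scan took 00:27:30.
4 items found.

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Dave\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GCN52GB5\player.ooyala.com\auth.sol
Properties.size=47
Properties.md5=CFEFAAA55FA5131C70A82FD412BE74C2

Win32.Agent.adb: [SBI $AAEB5E52] Settings (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-314040103-2103137544-3480878236-1001\Software\DC3_FEXEC

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: Dave (default-1384041306188)) (Browser: Cookie, nothing done)


MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['parsed']}/{result['declared']} findings parsed")
    for f in result["review"]:
        print(f"REVIEW: {f.name} ({f.kind}) at {f.location}")
```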

  7. #27
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I see it there as well

    REGEDIT4

    [-HKEY_CURRENT_USER\Software\DC3_FEXEC]

    Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

    If you saved the file correctly it should look like this

    Then run a new scan with Spybot and let me know if it's gone.

  8. #28
    Junior Member
    Join Date
    Nov 2013
    Posts
    20

    Default

    Scan looks good. I'll run another tomorrow to be sure, but it looks to be clean! Was it just something left over in the reg?

  9. #29
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Yes, that entry was just one that the other scanners missed. Let me know if it returns.

  10. #30
    Junior Member
    Join Date
    Nov 2013
    Posts
    20

    Default

    I'm all clean, Malwarebytes and Spybot both come up with nothing unusual!
