
rogue antispy warning screen


  • This topic is locked
18 replies to this topic

#16 JSHADOWSUPREME


Posted 22 February 2010 - 01:38 AM

Sorry it took so long, here's the log.

Thanks in advance. Let me know what you think.

ComboFix 10-02-21.02 - Robin 02/22/2010 0:29.11.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1141 [GMT -6:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
Command switches used :: c:\users\Robin\Desktop\cfscript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 06:31 . 2010-02-22 06:31 -------- d-----w- c:\users\Robin\AppData\Local\temp
2010-02-22 06:31 . 2010-02-22 06:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-22 06:31 . 2010-02-22 06:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-21 23:29 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-21 23:29 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-21 23:29 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-21 23:29 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-21 23:29 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-02-21 23:28 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-21 23:28 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-21 17:43 . 2010-02-21 17:43 -------- d-----w- c:\program files\ESET
2010-02-21 17:21 . 2010-02-21 17:21 -------- d-----w- C:\$RECYCLE(1).BIN
2010-02-21 17:17 . 2010-02-21 18:41 -------- d-----w- c:\users\Robin\AppData\Local\temp(22)
2010-02-19 20:33 . 2010-02-19 20:33 -------- d-----w- c:\users\Robin\AppData\Roaming\ieSpell
2010-02-11 07:21 . 2010-02-11 07:21 -------- d-----w- c:\users\Robin\AppData\Roaming\vlc
2010-02-09 19:54 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-09 19:54 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 19:54 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-09 19:54 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 19:43 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-09 19:43 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-09 19:43 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-09 19:43 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-09 19:43 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-09 19:43 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-09 19:43 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-09 19:43 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-09 19:43 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-09 19:43 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-09 19:43 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-09 19:26 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-09 19:26 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-08 23:07 . 2010-02-08 23:07 -------- d-----w- c:\program files\ieSpell
2010-02-07 22:35 . 2010-02-07 22:35 -------- d-----w- c:\program files\Sophos
2010-02-07 21:47 . 2010-02-07 21:52 680 ----a-w- c:\users\Robin\AppData\Local\d3d9caps.dat
2010-02-07 03:49 . 2010-02-07 03:49 -------- d-----w- c:\users\Robin\AppData\Roaming\DivX
2010-02-02 16:30 . 2010-02-02 16:30 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-30 06:15 . 2010-01-30 06:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 18:46 . 2008-06-06 03:30 -------- d-----w- c:\users\Robin\AppData\Roaming\Symantec
2010-02-21 18:46 . 2008-02-21 01:54 -------- d-----w- c:\programdata\Symantec
2010-02-20 16:15 . 2008-02-21 01:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-18 21:50 . 2009-10-14 10:56 -------- d-----w- c:\users\Robin\AppData\Roaming\Skype
2010-02-18 17:57 . 2010-01-21 18:54 9050 ----a-w- C:\dga.vbs
2010-02-18 17:34 . 2009-01-12 20:31 -------- d-----w- c:\users\Robin\AppData\Roaming\skypePM
2010-02-13 11:33 . 2009-12-31 08:35 -------- d-----w- c:\program files\Artisteer 2
2010-02-09 20:19 . 2009-03-31 21:29 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-09 20:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-09 19:27 . 2008-02-24 01:11 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 15:05 . 2009-12-12 09:34 -------- d-----w- c:\program files\SENuke
2010-02-08 01:12 . 2010-01-19 06:42 -------- d-----w- c:\program files\RUNDLL32 Removal Tool
2010-02-08 01:12 . 2010-01-19 07:41 -------- d-----w- c:\program files\Nv Cpl Daemon Removal Tool
2010-02-07 23:45 . 2009-10-29 10:05 -------- d-----w- c:\program files\supergo
2010-02-07 23:45 . 2009-10-29 08:55 -------- d-----w- c:\program files\sas
2010-02-07 23:45 . 2009-10-29 07:27 -------- d-----w- c:\program files\kill
2010-02-06 21:10 . 2008-08-01 02:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 21:06 . 2009-01-16 03:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-06 15:13 . 2009-06-04 23:01 -------- d-----w- c:\programdata\WebEx
2010-02-06 13:47 . 2010-01-14 10:00 117760 ----a-w- c:\users\Robin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-02 16:38 . 2009-08-15 02:15 -------- d-----w- c:\program files\iTunes
2010-02-02 16:37 . 2009-06-03 05:42 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 16:35 . 2009-04-26 04:34 -------- d-----w- c:\program files\QuickTime
2010-01-30 16:16 . 2009-10-29 10:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 06:16 . 2010-01-13 16:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-23 11:01 . 2009-09-28 05:57 35 ----a-w- c:\users\Robin\AppData\Roaming\SetValue.bat
2010-01-23 11:01 . 2009-09-28 05:57 35 ----a-w- c:\users\Robin\AppData\Roaming\SetValue.bat
2010-01-20 15:40 . 2009-09-10 04:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 11:21 . 2009-04-05 07:34 -------- d-----w- c:\program files\DivX
2010-01-16 15:57 . 2010-01-16 15:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-16 15:54 . 2010-01-16 15:42 -------- d-----w- c:\program files\ffdshow
2010-01-14 10:00 . 2010-01-14 10:00 52224 ----a-w- c:\users\Robin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-13 18:04 . 2010-01-13 16:46 -------- d-----w- c:\users\Robin\AppData\Roaming\SUPERAntiSpyware.com
2010-01-13 16:46 . 2010-01-13 16:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-09 21:19 . 2010-01-09 21:19 -------- d-----w- c:\programdata\{29DE7D8A-76E9-40C8-AD3B-3D95E76E1227}
2010-01-09 21:19 . 2010-01-09 21:19 -------- d-----w- c:\program files\LiveZilla
2010-01-09 06:29 . 2010-01-09 06:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-09 06:28 . 2009-04-05 07:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-07 22:07 . 2009-10-29 10:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-10-29 10:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 20:20 . 2008-11-29 02:10 -------- d-----w- c:\users\Robin\AppData\Roaming\MozillaControl
2010-01-07 20:20 . 2009-10-03 10:44 -------- d-----w- c:\users\Robin\AppData\Roaming\Mozilla-Cache
2010-01-07 20:19 . 2009-11-14 12:34 -------- d-----w- c:\program files\CCleaner
2010-01-07 01:33 . 2010-01-07 01:33 -------- d-----w- c:\users\Robin\AppData\Roaming\Mozilla(189)
2010-01-07 01:29 . 2010-01-07 00:31 -------- d-----w- c:\programdata\Yahoo! Companion
2010-01-07 00:31 . 2009-01-24 06:36 -------- d-----w- c:\program files\Yahoo!
2010-01-05 18:00 . 2010-01-16 15:56 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-03 15:50 . 2009-08-26 22:08 -------- d-----w- c:\programdata\NOS
2010-01-03 15:34 . 2009-12-02 00:41 -------- d-----w- c:\program files\Alwil Software
2010-01-03 15:14 . 2008-06-04 00:14 120488 ----a-w- c:\users\Robin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-03 09:10 . 2010-01-03 09:10 -------- d-----w- c:\program files\STADS
2010-01-03 00:21 . 2010-01-03 00:21 -------- d-----w- c:\program files\Trend Micro
2010-01-02 08:28 . 2009-01-12 01:06 -------- d-----w- c:\programdata\HP Product Assistant
2010-01-02 08:23 . 2009-08-03 11:07 -------- d-----w- c:\program files\Driver-Soft
2010-01-02 08:22 . 2009-10-14 22:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-02 06:38 . 2010-01-22 09:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 09:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Internet Explorer(159)
2010-01-02 06:25 . 2009-12-20 12:45 -------- d-----w- c:\program files\SmartFTP Client
2010-01-02 06:25 . 2009-12-20 00:14 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-02 06:25 . 2008-02-21 01:39 -------- d-----w- c:\program files\Google
2010-01-02 04:57 . 2010-01-22 09:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-02 02:33 . 2010-01-02 02:33 -------- d-----w- c:\program files\XoftSpySE6
2010-01-02 02:33 . 2010-01-02 02:33 -------- d-----w- c:\programdata\ParetoLogic
2010-01-02 02:33 . 2010-01-02 02:33 -------- d-----w- c:\program files\Common Files\XoftSpySE
2010-01-02 02:33 . 2010-01-02 02:33 -------- d-----w- c:\programdata\XoftSpySE
2010-01-01 10:24 . 2009-08-30 04:04 -------- d-----w- c:\program files\Java
2010-01-01 10:07 . 2010-01-01 07:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-01 06:20 . 2008-05-08 13:32 -------- d-----w- c:\program files\ATI
2009-12-31 18:54 . 2009-09-28 06:53 -------- d-----w- c:\program files\sas.exe
2009-12-31 16:18 . 2009-08-03 11:07 -------- d-----w- c:\program files\Driver-Soft(72)
2009-12-31 15:42 . 2009-12-31 08:22 -------- d-----w- c:\users\Robin\AppData\Roaming\uTorrent
2009-12-30 01:04 . 2009-02-18 23:24 -------- d-----w- c:\program files\Citrix
2009-12-28 07:43 . 2009-12-28 07:43 -------- d-----w- c:\users\Robin\AppData\Roaming\Artisteer
2009-12-28 04:55 . 2008-02-21 00:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-27 14:50 . 2009-08-03 11:07 -------- d-----w- c:\program files\Driver-Soft(68)
2009-12-27 14:07 . 2009-12-27 14:07 -------- d-----w- c:\program files\Driver-Soft(12)
2009-12-26 11:03 . 2009-12-19 21:36 -------- d-----w- c:\users\Robin\AppData\Roaming\FileZilla
2009-12-12 14:15 . 2010-01-16 15:56 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-07 19:48 . 2009-06-15 05:43 98304 ----a-w- c:\programdata\WebEx\WebEx\500\webexrcd\atplayim.dll
2009-12-07 19:48 . 2009-06-15 05:43 94208 ----a-w- c:\programdata\WebEx\WebEx\500\webexweb\atwebctl.dll
2009-12-07 19:48 . 2009-06-15 05:43 258048 ----a-w- c:\programdata\WebEx\WebEx\500\webexvdo\atsyncvd.dll
2009-12-07 19:48 . 2009-06-15 05:43 258048 ----a-w- c:\programdata\WebEx\WebEx\500\webexflh\atsyncvd.dll
2009-12-07 19:48 . 2009-06-15 05:43 258048 ----a-w- c:\programdata\WebEx\WebEx\500\webexaud\atsyncvd.dll
2009-04-03 01:39 . 2009-04-03 01:39 2 --shatr- c:\windows\winstart.bat
2008-06-04 00:13 . 2008-06-04 00:13 14 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-06-04 00:13 . 2008-06-04 00:13 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2009-08-28 2792280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"link"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6c,29,1d,4a,05,02,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1627419807-4188424800-3421206194-1000]
"EnableNotificationsRef"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2/21/2010 5:29 PM 114768]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [5/8/2008 7:40 AM 20352]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2/21/2010 5:29 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2/21/2010 5:28 PM 53328]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [5/8/2008 7:40 AM 937984]
S3 WMSvc;Web Management Service;c:\windows\System32\inetsrv\WMSvc.exe [1/20/2008 8:25 PM 11264]
S4 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [12/25/2007 3:07 PM 40960]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 6:03 PM 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{41491F06-ED37-4D5D-9861-EC87F5AAE8E3}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyServer = 72.8.185.97:51499
uInternet Settings,ProxyOverride = local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: eset.com\www
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\ysk9em1z.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 00:31
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\21C3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1627419807-4188424800-3421206194-1000\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:e2,c9,d3,19,1d,de,68,b5,98,11,33,59,b6,5c,9c,45,a2,6a,2f,07,
e7,e1,f6,52,76,95,6d,e4,ec,0e,aa,81,d9,aa,63,2e,be,fe,52,4f,a1,41,7b,dc,f2,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-02-22 00:35:15
ComboFix-quarantined-files.txt 2010-02-22 06:35
ComboFix2.txt 2010-02-22 06:04
ComboFix3.txt 2010-02-22 00:08
ComboFix4.txt 2010-02-22 00:00
ComboFix5.txt 2010-02-22 06:28

Pre-Run: 85,653,725,184 bytes free
Post-Run: 85,638,606,848 bytes free

- - End Of File - - 315D1322B1C687F5659408F9C5B043F1



#17 Farbar


Posted 22 February 2010 - 01:57 AM

It looks good now.

It is important to uninstall ComboFix.

Go to Start => Run => copy and paste the next command into the field, then hit Enter:

ComboFix /Uninstall

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.


Happy Surfing JSHADOWSUPREME.

#18 JSHADOWSUPREME


Posted 22 February 2010 - 03:45 AM

THANKS FARBAR
COULDN'T HAVE DONE IT WITHOUT YOU

#19 Farbar


Posted 22 February 2010 - 03:59 AM

You are most welcome.

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



