Just formatted, think I still have spyware?

May 4, 2010 at 14:39:53
Specs: Windows 7, AMD Athlon 64 X2 6000+

Just did a format but think I still have spyware. Are these logs OK? Thanks

ComboFix 10-05-04.01 - Joe 04/05/2010 22:00:02.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.353.1033.18.2048.1420 [GMT 1:00]
Running from: c:\users\Joe\Downloads\123.ie.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-155594683-2145828570-208102029-1000
c:\program files\Reg-Tool
c:\program files\Reg-Tool\PW\general.html
c:\program files\Reg-Tool\PW\optimizations.html
c:\program files\Reg-Tool\PW\privacy.html
c:\program files\Reg-Tool\PW\scheduler.html
c:\program files\Reg-Tool\PW\startup.html
c:\program files\Reg-Tool\PW\wizard.css

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
{3041D03E-FD4B-44E0-B742-2D9B88305F98}= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
uTorrent="c:\program files\uTorrent\uTorrent.exe" [2010-05-02 321328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
setup_9.0.0.722_04.05.2010_21-23[1].lnk - c:\users\Joe\Desktop\Virus Removal Tool\setup_9.0.0.722_04.05.2010_21-23[1]\startup.exe [2010-5-4 72208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
ConsentPromptBehaviorAdmin= 5 (0x5)
ConsentPromptBehaviorUser= 3 (0x3)
EnableUIADesktopToggle= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
EnableShellExecuteHooks= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

S0 88895792;88895792 Boot Guard Driver;c:\windows\system32\DRIVERS\88895792.sys [2009-10-22 37392]
S1 88895791;88895791;c:\windows\system32\DRIVERS\88895791.sys [2009-09-25 128016]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\z7rl0q4q.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\z7rl0q4q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft Security Essentials\MpCmdRun.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-04 22:08:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 21:08

Pre-Run: 140,231,188,480 bytes free
Post-Run: 140,338,548,736 bytes free

- - End Of File - - 456B84DBDD3D8D34344B87BB20C1BBE7


When I went for this folder it came up saying the file is locked for editing by Unknown_User. Is there anything wrong there?



#1
May 5, 2010 at 15:54:04

Anyone?


#2
May 6, 2010 at 06:08:56

Nope, posting of logs without a request is against forum rules.

Some HELP in posting on Computing.net plus free progs and instructions. Cheers

