Are these from ComboFix.exe or Files that were found/created by ComboFix.exe??? I thought I deleted ComboFix already by going
* Click START then RUN
* Now type Combofix /u in the runbox and click OK.
I ran MBAM and "IT" never found either (Application.NirCmd & Trojan.Generic).
I was very curious why Spyware Doctor found it and not the latest version of MBAM (1.18), because it's a KEYLOGGER.
Application.NirCmd (15 Infections)
Registry Value
- HKEY_LOCAL_MACHINE\SOFTWARE\Swearware, Combofix_wow
- HKEY_LOCAL_MACHINE\SOFTWARE\Swearware, Runs
- HKEY_LOCAL_MACHINE\SOFTWARE\Swearware, Snapshot
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, Next Instance
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities
Registry Key
- HKEY_LOCAL_MACHINE\SOFTWARE\Swearware
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
Folder
C:\ComboFix
And it also found Trojan.Generic in the registry key:
HKEY_USERS\S-1-5-21-4083679094-547138833-3963966-1008\Software\W get