Hijack This Logfile Did I Get Everything?

HumanMage

New Member
I recently was hit with a Trojan virus, "Win7 Antispyware". I knew it was fake and went about deleting the program using HijackThis and Malwarebytes Anti-Malware. However, I want to be sure I got everything off. Comments would be appreciated. Also, is there a dedicated forum for the removal of spyware and malware, and for helping others rid their computers of this nasty stuff? I would like to check it out if one exists.

Here is the log file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:02 PM, on 11/23/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
G:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "G:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Cory Monroe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 3763 bytes


Thanks for any help you all can give :D
 
Your log looks clean; can you post your Malwarebytes log? There are dedicated malware forums; all you have to do is a Google search for "malware forums". There are many, too numerous to list.
 
Here is the Malwarebytes Log file:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5166

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/23/2010 11:17:09 PM
mbam-log-2010-11-23 (23-17-09).txt

Scan type: Quick scan
Objects scanned: 138349
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


What leads me to suspect that I didn't get everything is the fact that my Google searches don't work. They give proper results, but when I click on a website from the list of results I am directed to one of those no-name search engines...or worse. Something isn't right about all this. Thank you for your quick reply, by the way. :D
 
Then do the following.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

I'm going to bed now but will check your logs in the morning.
 
I ran into a problem while using ComboFix. I ran the program as suggested, and if I'm not mistaken it deleted the install.exe file. I proceeded to restart my computer because, after I had saved my log, I was left with a blank desktop background (no start bar or icons). As I restarted, I was given a BSOD. The machine waited 5 or so seconds and restarted again. I did the same steps again thinking it was a fluke; I was wrong. I proceeded to do a system restore, which was the other option Windows gave me. This system restore brings me back to the point where the malware is still on my system and I'm back to square one.

I will run Malwarebytes to get the malware "off" my system. But my Google searches and internet speed are still significantly slower. I can also post the log from my previous run of ComboFix, but I will not run it again until tomorrow. I wonder what happened with ComboFix the first time around.

I just thought of something: I have several updates that are recommended to me. One is an optional update for an installation of Microsoft Security Essentials. It seems as if each time I install this program I need to restore my system. Is this another piece of malware? Thanks for all your help thus far :D
 
That article was the first resource I came across in order to get rid of this issue. As of now, I no longer get the Win7 Antispyware pop-ups, or "security breaches" like those described in the article from BleepingComputer. However, my searches are what bother me. I do a Google search for "Ford Explorer" and I get a list of sites from Google, like I should, but I click on the Wikipedia page and I get the image I have attached. I don't quite understand why, though.

I have disabled the installation of updates, including the MSE one we have discussed. I am considering purchasing the full version of Malwarebytes because it has done a good job in previous years as a free version. I'm not sure, though; in my past the free versions of this software have been good to me.

Do you have any other ideas as to why my searches are still acting weird?
 

Attachments: Untitled.jpg (85.3 KB)
I would need to see a ComboFix log, but let's try another route and see what we find.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished, it will display a result screen stating whether or not the infection was found on your computer. If it was found, it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says "will be cured after reboot", please reboot the system by pressing the Reboot now button.

Let me know what the log says.
 
The scan results didn't find an infection. It did discover a suspicious object, though.

Service
Service name: sptd
Service type: Kernel driver(0x1)
Service start: Boot (0x0)
File: C:\Windows\system32\Drivers\sptd.sys
MD5: cdddec541bc3c96f91ecb48759673505

That is the only thing that came up in the log file. No action was to be taken other than to continue, so I did. The final scan log contained no infection; I got the green "not found" indication. The scan took about 12 seconds to complete.
 
I would like you to try running ComboFix again. Since you have done a system restore, it won't do any good to post the log from when you ran it the first time.
 
ComboFix ran smoothly this time. From what I can gather, it fixed two files:

File "C:\ComboFix\MT_explorer.exe.tmp" added successfully
File "C:\ComboFix\MT_wininit.exe.tmp" added successfully

Here is the ComboFix log after my automatic restart of Windows:

ComboFix 10-11-23.05 - Cory Monroe 11/24/2010 13:42:02.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2943.1939 [GMT -5:00]
Running from: c:\users\Cory Monroe\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!explorer.exe
Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-24 18:48 . 2010-11-24 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-24 03:12 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB7DBC0E-6331-4B08-968F-C8EAA2F0208E}\mpengine.dll
2010-11-24 01:08 . 2010-11-24 08:46 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-22 01:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 01:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 01:10 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-11-22 01:10 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-11-22 01:10 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-11-22 01:10 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-11-22 01:05 . 2010-02-05 14:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-11-22 01:05 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-22 01:05 . 2010-11-22 01:13 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-22 01:05 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-22 01:05 . 2010-11-22 01:13 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-22 01:05 . 2010-11-24 08:46 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-14 16:09 . 2010-11-14 16:09 -------- d-----w- c:\program files\iPod
2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 16:37 . 2010-11-06 16:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-10-27 13:23 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 13:23 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 13:23 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 13:23 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 13:23 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2010-02-26 15:00 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-09-28 20:44 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 18:03 . 2010-09-21 18:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30 . 2010-10-14 00:27 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-14 00:27 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-14 00:27 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-14 00:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-14 00:21 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-14 00:17 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-14 00:21 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-14 00:21 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-14 00:07 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-14 00:07 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-14 00:07 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-14 00:07 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Cory Monroe\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-24 136176]
"Steam"="g:\program files\Steam\Steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-02-05 454400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-15 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 18:58 495616 ----a-w- g:\program files\RocketDock\RocketDock.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 sdAuxService;PC Tools Auxiliary Service;g:\program files\Spyware Doctor\pctsAuxs.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-22 218592]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-19 691696]
S2 Browser Defender Update Service;Browser Defender Update Service;g:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2010-02-05 742144]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\Drivers\SynMini.sys [2006-04-19 899712]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\Drivers\SynScan.sys [2006-04-19 9216]

.
Contents of the 'Scheduled Tasks' folder

2010-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903547734-3519282964-2052967555-1000Core.job
- c:\users\Cory Monroe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 17:51]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903547734-3519282964-2052967555-1000UA.job
- c:\users\Cory Monroe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 17:51]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Cory Monroe\AppData\Roaming\Mozilla\Firefox\Profiles\7ow3fbvb.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Cory Monroe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: g:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: g:\program files\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Spyware Doctor - g:\program files\Spyware Doctor\unins000.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-11-24 13:53:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-24 18:53
ComboFix2.txt 2010-11-24 05:38

Pre-Run: 11,341,688,832 bytes free
Post-Run: 11,215,446,016 bytes free

- - End Of File - - 9D7BDB98818D0BCED60A988453834471
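An added triage example, not code from the thread or from ComboFix: it parses the "Reg Loading Points" block of a ComboFix log like the one above and flags two things a reviewer would want to check, UAC policy values that differ from the Windows 7 defaults (this log shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, i.e. UAC switched off) and Run entries that load from a user profile. The Windows 7 default values are an assumption taken from Microsoft's documentation, not from the thread; the sample input is constructed from the log lines posted above.

```python
import re

# Constructed sample: the Run keys and the UAC policy block, copied from the
# ComboFix log posted in this thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Cory Monroe\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-24 136176]
"Steam"="g:\program files\Steam\Steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# Windows 7 default UAC values (assumed from Microsoft's UAC documentation;
# the thread does not state them).
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # UAC on
    "ConsentPromptBehaviorAdmin": 5,  # consent prompt for non-Windows binaries
    "PromptOnSecureDesktop": 1,       # prompt shown on the secure desktop
}

HEADER = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')
STRING = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s*\[[^\]]*\])?$')


def parse_reg_points(text):
    """Return {registry key: {value name: int | str}}; other lines are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER.match(line):
            current = m.group(1)
            sections[current] = {}
        elif current is not None and (m := DWORD.match(line)):
            sections[current][m.group(1)] = int(m.group(2))
        elif current is not None and (m := STRING.match(line)):
            sections[current][m.group(1)] = m.group(2)
    return sections


def uac_deviations(sections):
    """(name, actual, default) for each UAC value off the Win7 default."""
    out = []
    for key, values in sections.items():
        if key.lower().endswith(r"\policies\system"):
            for name, default in UAC_DEFAULTS.items():
                actual = values.get(name, default)  # absent value = default
                if actual != default:
                    out.append((name, actual, default))
    return out


def user_writable_autoruns(sections):
    """(key, name, path) for Run entries loading from a user profile: verify, don't auto-remove."""
    flagged = []
    for key, values in sections.items():
        if key.lower().endswith(r"\currentversion\run"):
            for name, path in values.items():
                if isinstance(path, str) and "\\users\\" in path.lower():
                    flagged.append((key, name, path))
    return flagged
```

Run against the sample, `uac_deviations` reports the three UAC values at 0 and `user_writable_autoruns` returns only the "Google Update" entry, which is the one to confirm by publisher and signature rather than delete.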
 
I'm getting ready to leave for work, so go ahead and use the system and let me know if you continue to have issues with links. I do see one file that I'm concerned about in the log but will research it tonight when I get home or tomorrow. I'll post back when I can.
 
I would like to hear what you say about that file; which is it? Could I possibly do some research on my own about it?

Since the last successful ComboFix run, my system seems to run as it used to: very fast, with my searches obtaining proper results and webpages. I've noticed that some of the pieces of advice you gave were from BleepingComputer; I will look more into this site and see what I can learn from there. It seems like a pretty well-established site.

Thank you very much for your help in this! I can finally go about doing my homework and research for my classes again. Have a great day and thank you so much again!
 