
Author Topic: Virus or something worse?  (Read 14358 times)


Kenter

    Topic Starter


    Beginner
    • Experience: Beginner
    • OS: Windows 7
    Virus or something worse?
    « on: March 30, 2014, 08:18:53 PM »
    I have a friend's computer that won't allow the internet browser to function properly and won't play YouTube videos. I noticed the following in the task manager: (refer to screenshot060, screenshot090). The things that look a little fishy, like csrss.exe, I try to close and it comes back as access denied. When I restart the computer it says "Unable to set hook?" with an Nvidia header. Any help will be much appreciated!!

    [recovering disk space, attachment deleted by admin]

    Kenter

      Re: Virus or something worse?
      « Reply #1 on: March 30, 2014, 08:21:50 PM »
      Sorry, I ran out of room on the OP. Also, sorry for the size; I would use an image host, but the virus(es) won't allow it.

      [recovering disk space, attachment deleted by admin]

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Virus or something worse?
      « Reply #2 on: March 31, 2014, 01:16:57 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      What browser are you using for YouTube?

      Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

      Remove the Adware:
      • Please close all open programs and internet browsers.
      • Double click on adwcleaner.exe to run the tool.
      • Click on Delete.
      • Confirm each time with OK
      • Your computer will be rebooted automatically. A text file will open after the restart.
      • Please post the content of that logfile in your reply.
      • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
      *********************************************
      Looking over your log it seems you don't have any antivirus software.

      Before we continue download and install a free antivirus.

      Remember to only install one antivirus!
       
      1) Avast! Home Edition
      2) AVG Free Edition
      3) Avira AntiVir Personal
      4) Microsoft Security Essentials   All versions and all languages.
      5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
      6) PC Tools AntiVirus Free Edition

      It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
      *************************************************
      Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
      (Auslogics Registry Cleaner)
      There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

      For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

      Further reading: XP Fixes Myth #1: Registry Cleaners
      *******************************************
      Please download Junkware Removal Tool to your desktop.

      Warning! Once the scan is complete JRT will shut down your browser with NO warning.

      Shut down your protection software now to avoid potential conflicts.

      • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
      • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
      • The tool will open and start scanning your system. At the Command Prompt, you'll need to press any key to perform a scan.
      • Please be patient as this can take a while to complete depending on your system's specifications.
      • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
      • Copy and Paste the JRT.txt log into your next message.
      Windows 8 and Windows 10 dual boot with two SSD's

      Kenter

        Re: Virus or something worse?
        « Reply #3 on: March 31, 2014, 08:53:10 PM »
        That's odd, it said I didn't have an antivirus. I have Comodo installed. Well, here's the next round of info for you, sir.

        [recovering disk space, attachment deleted by admin]

        SuperDave

        Re: Virus or something worse?
        « Reply #4 on: April 01, 2014, 12:49:21 PM »
        Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

        Download Combofix from any of the links below, and save it to your DESKTOP
        If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

        Link 1
        Link 2
        Link 3

        To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
        • Close any open windows and double click ComboFix.exe to run it.

          You will see the following image:


        Click I Agree to start the program.

        ComboFix will then extract the necessary files and you will see this:



        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

        It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

        Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

        Kenter

          Re: Virus or something worse?
          « Reply #5 on: April 01, 2014, 06:58:11 PM »
          ComboFix 14-03-24.01 - Alien 04/01/2014  17:28:41.1.2 - x64
          Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3997.1779 [GMT -6:00]
          Running from: c:\programdata\Shared Space\ComboFix.exe
          AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
          AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
          FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
          FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
          SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
          SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          .
             /wow section - STAGE 38
          Access is denied.
          Access is denied.
          Access is denied.
          .
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\program files (x86)\Stardock\MyColors\IconPackager.exe
          c:\windows\TEMP\sqlite-3.7.2-sqlitejdbc.dll
          E:\Autorun.inf
          .
          .
          (((((((((((((((((((((((((   Files Created from 2014-03-02 to 2014-04-02  )))))))))))))))))))))))))))))))
          .
          .
          2014-04-02 00:07 . 2014-04-02 00:07   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
          2014-04-02 00:07 . 2014-04-02 00:07   --------   d-----w-   c:\users\Guest\AppData\Local\temp
          2014-04-02 00:07 . 2014-04-02 00:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
          2014-04-01 00:34 . 2014-04-01 00:34   --------   d-----w-   c:\windows\ERUNT
          2014-03-31 00:52 . 2014-04-01 00:18   --------   d-----w-   C:\AdwCleaner
          2014-03-30 23:54 . 2014-03-30 23:54   --------   d-----w-   c:\program files\CCleaner
          2014-03-30 16:53 . 2014-03-30 22:21   --------   d-----w-   c:\programdata\Kaspersky Lab
          2014-03-30 03:07 . 2013-04-29 07:17   58808   ----a-w-   c:\windows\system32\drivers\PSKMAD.sys
          2014-03-30 03:06 . 2014-03-30 03:06   --------   d-----w-   c:\users\Alien\AppData\Roaming\Panda Security
          2014-03-30 03:05 . 2014-03-30 03:05   --------   d-----w-   c:\programdata\Panda Security
          2014-03-30 03:05 . 2014-03-30 03:05   --------   d-----w-   c:\program files (x86)\Panda Security
          2014-03-29 04:59 . 2014-03-30 01:05   --------   d-----w-   c:\programdata\SecTaskMan
          2014-03-29 04:58 . 2014-03-29 04:59   --------   d-----w-   c:\program files (x86)\Security Task Manager
          2014-03-12 03:25 . 2014-01-28 02:32   228864   ----a-w-   c:\windows\system32\wwansvc.dll
          2014-03-12 03:25 . 2014-01-29 02:32   484864   ----a-w-   c:\windows\system32\wer.dll
          2014-03-12 03:25 . 2014-01-29 02:06   381440   ----a-w-   c:\windows\SysWow64\wer.dll
          2014-03-12 03:22 . 2014-02-07 01:23   3156480   ----a-w-   c:\windows\system32\win32k.sys
          2014-03-12 03:13 . 2014-02-04 02:32   624128   ----a-w-   c:\windows\system32\qedit.dll
          2014-03-12 03:13 . 2014-02-04 02:32   1424384   ----a-w-   c:\windows\system32\WindowsCodecs.dll
          2014-03-12 03:13 . 2014-02-04 02:04   1230336   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
          2014-03-12 03:13 . 2014-02-04 02:04   509440   ----a-w-   c:\windows\SysWow64\qedit.dll
          2014-03-11 01:27 . 2014-03-11 01:27   --------   d-----w-   c:\users\Alien\AppData\Roaming\Visan
          2014-03-07 03:39 . 2014-03-07 03:39   --------   d-----w-   c:\users\Alien\AppData\Roaming\SAMSUNG
          2014-03-06 06:11 . 2014-03-06 06:11   --------   d-----w-   c:\users\Alien\AppData\Roaming\Softland
          2014-03-06 06:11 . 2013-08-20 20:28   25920   ----a-w-   c:\windows\system32\dopdfmn7.dll
          2014-03-06 06:11 . 2013-08-20 20:28   21312   ----a-w-   c:\windows\system32\dopdfmi7.dll
          2014-03-06 06:11 . 2010-02-05 22:00   1700352   ----a-w-   c:\windows\system32\GdiPlus.dll
          2014-03-06 06:11 . 2014-03-06 06:11   --------   d-----w-   c:\program files\Softland
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2014-03-20 01:29 . 2011-11-15 05:05   90015360   ----a-w-   c:\windows\system32\MRT.exe
          2014-03-13 01:19 . 2013-08-02 04:27   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
          2014-03-13 01:19 . 2013-08-02 04:27   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
          2014-03-13 01:18 . 2013-09-11 02:48   5777288   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
          2014-01-09 02:22 . 2014-02-26 03:24   5694464   ----a-w-   c:\windows\SysWow64\mstscax.dll
          2014-01-03 22:44 . 2014-02-26 03:24   6574592   ----a-w-   c:\windows\system32\mstscax.dll
          2013-12-04 15:34 . 2013-12-04 15:34   49940480   ----a-w-   c:\program files (x86)\GUTB52.tmp
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
          "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
          "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
          "HP Photosmart 6520 series (NET)"="c:\program files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
          "uTorrent"="c:\users\Alien\AppData\Roaming\uTorrent\uTorrent.exe" [2014-02-23 904272]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
          "AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-14 1362544]
          "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-20 2249352]
          "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
          "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
          "PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-10-19 32736]
          .
          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
          .
          c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
          OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
          .
          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
          Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
          Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe "Stardock MyColors" AlienwareBREED "c:\program files (x86)\Stardock\MyColors\Loader.exe" [2009-12-15 11520]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 5 (0x5)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableUIADesktopToggle"= 0 (0x0)
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
          2010-04-04 18:43   144712   ----a-w-   c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
          .
          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          Notification Packages   REG_MULTI_SZ      scecli FAPassSync
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
          @="Service"
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
          @="Service"
          .
          R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys

          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

          R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys

          R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys

          R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys

          R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys

          R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe

          R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys

          R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

          R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys

          R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

          R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys

          R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys

          R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys

          R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys

          R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys

          R3 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys

          R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

          R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys

          R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

          R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys;c:\windows\SYSNATIVE\DRIVERS\tinspusb.sys

          R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

          R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys

          S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS

          S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys

          S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys

          S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys

          S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys

          S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys

          S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys

          S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys

          S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys

          S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys

          S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys

          S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys

          S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys

          S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys

          S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys

          S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys

          S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys

          S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe

          S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe

          S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

          S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe

          S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

          S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe;c:\program files\Alienware\Command Center\AlienSense\FAService.exe

          S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

          S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

          S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys

          S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys

          S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys

          S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys

          S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe

          S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe

          S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

          S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys

          S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys

          S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys

          .
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2014-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
          - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-02 01:19]
          .
          2014-04-02 c:\windows\Tasks\HP Photo Creations Communicator.job
          - c:\programdata\HP Photo Creations\Communicator.exe [2014-03-11 01:26]
          .
          .
          --------- X64 Entries -----------
          .
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
          "AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
          "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288]
          "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-23 165912]
          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-23 387608]
          "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-23 365592]
          "Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2014-03-13 600928]
          "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1612504]
          .
          ------- Supplementary Scan -------
          .
          uLocal Page = c:\windows\system32\blank.htm
          uStart Page = about:blank
          mLocal Page = c:\windows\SysWOW64\blank.htm
          uInternet Settings,ProxyServer = mirnosurf.info:80
          IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
          IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
          IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
          TCP: Interfaces\{7293C51D-DEEE-40CD-847C-582843B8278A}: NameServer = 208.67.222.222,208.67.220.220
          FF - ProfilePath - c:\users\Alien\AppData\Roaming\Mozilla\Firefox\Profiles\9qq4xa8l.default\
          FF - prefs.js: browser.search.selectedEngine - Bing
          .
          - - - - ORPHANS REMOVED - - - -
          .
          Wow6432Node-HKCU-Run-SpybotSD TeaTimer - c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
          Wow6432Node-HKLM-Run-FAStartup - (no file)
          Wow6432Node-HKLM-Run-<NO NAME> - (no file)
          c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe
          c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe
          HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
          ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
          ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
          HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
          .
          .
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          Completion time: 2014-04-01  18:16:38
          ComboFix-quarantined-files.txt  2014-04-02 00:16
          .
          Pre-Run: 150,583,050,240 bytes free
          Post-Run: 150,566,268,928 bytes free
          .
          - - End Of File - - FB065A3A92471BDCA026AE20B8839F3A
          A36C5E4F47E84449FF07ED3517B43A31
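As an added example (not part of the original post and not ComboFix's own code), the Python below parses the header and Supplementary Scan portions of a ComboFix log like the one above and reports which registered security products are enabled and which proxy and DNS settings are recorded. The sample is constructed from lines in that log; the function names, and the reading of the `u`/`m` prefixes as per-user/machine-wide, are assumptions of this example.

```python
import re

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
ComboFix 14-03-24.01 - Alien 04/01/2014  17:28:41.1.2 - x64
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
------- Supplementary Scan -------
uStart Page = about:blank
uInternet Settings,ProxyServer = mirnosurf.info:80
TCP: Interfaces\{7293C51D-DEEE-40CD-847C-582843B8278A}: NameServer = 208.67.222.222,208.67.220.220
FF - prefs.js: browser.search.selectedEngine - Bing
"""

# "AV: <name> *<state>[/<definitions>]* {GUID}" header lines (AV, FW, SP).
PRODUCT_RE = re.compile(
    r"^[ \t]*(AV|FW|SP):[ \t]+(.+?)[ \t]+\*([^*]+)\*[ \t]+"
    r"\{([0-9A-Fa-f-]{36})\}[ \t]*$", re.M)
# Proxy line; prefix read here as u = per-user, m = machine-wide (assumption).
PROXY_RE = re.compile(
    r"^[ \t]*([um])Internet Settings,ProxyServer[ \t]*=[ \t]*(\S+)[ \t]*$", re.M)
# Statically configured DNS servers per network interface GUID.
DNS_RE = re.compile(
    r"^[ \t]*TCP: Interfaces\\(\{[^}]+\}): NameServer[ \t]*=[ \t]*(.+?)[ \t]*$",
    re.M)

CATEGORIES = ("AV", "FW", "SP")


def parse_security_products(log):
    """Return one dict per registered product line, in log order."""
    products = []
    for category, name, state, guid in PRODUCT_RE.findall(log):
        status, _, definitions = state.partition("/")
        products.append({
            "category": category,
            "name": name,
            # State is what was recorded when the scan ran, not "right now".
            "enabled": status.strip().lower() == "enabled",
            "definitions": definitions.strip() or None,
            "guid": guid.upper(),
        })
    return products


def summarize_products(products):
    """Group product names by category into registered and enabled lists."""
    summary = {c: {"registered": [], "enabled": []} for c in CATEGORIES}
    for product in products:
        bucket = summary[product["category"]]
        bucket["registered"].append(product["name"])
        if product["enabled"]:
            bucket["enabled"].append(product["name"])
    return summary


def parse_network_settings(log):
    """Extract recorded proxy settings and static DNS servers."""
    scope = {"u": "user", "m": "machine"}
    proxies = [(scope[s], value) for s, value in PROXY_RE.findall(log)]
    nameservers = {
        iface: [ip.strip() for ip in servers.split(",") if ip.strip()]
        for iface, servers in DNS_RE.findall(log)
    }
    return {"proxies": proxies, "nameservers": nameservers}


def triage(log):
    """Build a short list of items for a human to review; no verdicts."""
    findings = []
    av = summarize_products(parse_security_products(log))["AV"]
    if len(av["registered"]) > 1:
        findings.append("%d antivirus products registered (%s); enabled: %s" % (
            len(av["registered"]), ", ".join(av["registered"]),
            ", ".join(av["enabled"]) or "none"))
    net = parse_network_settings(log)
    for scope, proxy in net["proxies"]:
        findings.append(
            "%s-level Internet Settings proxy is %s; confirm it is intended"
            % (scope, proxy))
    for iface, servers in net["nameservers"].items():
        findings.append("interface %s uses static DNS servers %s"
                        % (iface, ", ".join(servers)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```
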

          SuperDave

          Re: Virus or something worse?
          « Reply #6 on: April 01, 2014, 07:41:22 PM »
          Well, it appears that you have COMODO Antivirus and Panda Cloud Antivirus on your computer. Just make sure that only one AV is active at any time. Two or more AVs can cause all kinds of conflicts on your computer.

          Malwarebytes' Anti-Rootkit

          Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
          • Be sure to print out and follow the instructions provided on that same page for performing a scan.
          • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
          • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
          • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
          • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
          • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
          • Copy and paste the contents of these two log files in your next reply.
          Windows 8 and Windows 10 dual boot with two SSD's
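
One way to check the "only one AV active" advice in Reply #6 from a PowerShell prompt. This is an added example, not part of SuperDave's post or of any tool named in the thread; the bit masks used to read `productState` are an assumption taken from community documentation, not an official specification.

```powershell
# Added example: list the antivirus products registered with Windows Security Center
# and report how many of them claim real-time protection is switched on.
# Get-WmiObject is used because it exists in the Windows PowerShell shipped with Windows 7.

function Get-RegisteredAntivirus {
    # root\SecurityCenter2 is present on client editions of Windows (Vista and later).
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction Stop |
        ForEach-Object {
            $state = [int]$_.productState
            New-Object PSObject -Property @{
                Name        = $_.displayName
                Executable  = $_.pathToSignedProductExe
                StateHex    = '0x{0:X6}' -f $state
                # ASSUMPTION: community-documented layout of productState.
                # Bit 0x1000 set = real-time protection on; bit 0x10 set = definitions out of date.
                RealTimeOn  = (($state -band 0x1000) -ne 0)
                DefsCurrent = (($state -band 0x10) -eq 0)
            }
        }
}

try {
    $products = @(Get-RegisteredAntivirus)
} catch {
    Write-Warning "Could not query Security Center: $($_.Exception.Message)"
    return
}

$products | Format-Table Name, RealTimeOn, DefsCurrent, StateHex -AutoSize

# Flag the conflict described in the post: more than one product active at once.
$active = @($products | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} products report real-time protection on: {1}" -f $active.Count, $names)
} elseif ($active.Count -eq 0) {
    Write-Warning 'No registered product reports real-time protection on.'
} else {
    Write-Output ("Only {0} reports real-time protection on." -f $active[0].Name)
}
```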

          Kenter

            Re: Virus or something worse?
            « Reply #7 on: April 01, 2014, 09:32:53 PM »
            The Malwarebytes Anti-Rootkit didn't produce a log. It said no cleanup required, Scan Finished, No Malware Found. Which I don't believe can be correct. The computer is still having problems with youtube, and accessing various websites.

            SuperDave

            Re: Virus or something worse?
            « Reply #8 on: April 02, 2014, 12:35:45 PM »
            Quote
            The computer is still having problems with youtube,
            What sort of problems with Youtube?

            I'd like to scan your machine with ESET OnlineScan

            • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
            • Click the button.
            • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              • Click on to download the ESET Smart Installer. Save it to your desktop.
              • Double click on the icon on your desktop.
            • Check
            • Click the button.
            • Accept any security warnings from your browser.
            • Leave the check mark next to Remove found threats.
            • Check
            • Push the Start button.
            • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            • When the scan completes, push
            • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            • Push the button.
            • Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

            Kenter

              Re: Virus or something worse?
              « Reply #9 on: April 02, 2014, 09:27:24 PM »
              When I go to YouTube and click on a video, it will go to the video's page, then the area where the video is will disappear and the busy sign by the mouse pointer keeps turning and flashing really fast. I tried last night to go to the usps.com, it says connection reset, and when I go to foreveryoneorjustme.com/ it says usps.com is really down, yet at the same time I can go to it on my phone. I'll get the log on as soon as I run through the steps.
              « Last Edit: April 02, 2014, 10:06:48 PM by Kenter »

              SuperDave

              Re: Virus or something worse?
              « Reply #10 on: April 03, 2014, 12:00:06 PM »
              What browser are you using?

              Kenter

                Re: Virus or something worse?
                « Reply #11 on: April 03, 2014, 07:57:03 PM »
                ESET Online Scanner reported no threats found. I'm using Firefox.

                SuperDave

                Re: Virus or something worse?
                « Reply #12 on: April 04, 2014, 09:54:03 AM »
                Are you still having problems? If so, please try using Internet Explorer.

                Kenter

                  Re: Virus or something worse?
                  « Reply #13 on: April 04, 2014, 08:50:59 PM »
                  Nope, no more problems, thanks SuperDave!

                  SuperDave

                  Re: Virus or something worse?
                  « Reply #14 on: April 05, 2014, 10:49:06 AM »
                  Great. We can do some cleanup.

                  Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

                  Click Start > Computer > right-click the C Drive and choose Properties > enter
                  Click Disk Cleanup from there.

                  Click OK on the Disk Cleanup Screen.
                  Click Yes on the Confirmation screen.

                  This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
                  ********************************************
                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!