
Computer boots to a black screen after user acct logon


tjs369


My computer will start up to a black screen after I logon to my user account. If I ctrl-alt-del to get the task manager to come up it shows very few processes running i.e. 5 maybe. Eventually, somehow my desktop will appear and things will work right.

The computer is still sluggish (though it's not necessarily the fastest to begin with). MBAM removed like 6 trojans yesterday (how I got them, I do not know). Last week I removed 2 and the month before I removed 2-3 more with MBAM. Before this post I ran MBAM again and no detected items, but I would like to be sure nothing else is wrong.

The most I do is browse Facebook, Hulu, Reddit, etc. I haven't downloaded any music or suspicious programs in a few months. Also I have been unable to update Java. It constantly tells me there's an update available but if I click run/install it throws up an error and quits.

I have attached dds.txt and attach.txt (unless I was supposed to copy & paste?)



Hello tjs369 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

µTorrent

Panda Security Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


Hi, Thanks so much for your help. Here are the three logs you requested.

-----JRT.txt-----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.0.7 (12.11.2012:3)

OS: Windows Vista Home Premium x86

Ran by Tara on Tue 12/11/2012 at 10:23:27.75

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3665390842-1344598106-1766541070-1001\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\s"

Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"

Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"

Successfully deleted: [Registry Key] "hkey_local_machine\software\tarma installer"

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"

Successfully deleted: [Folder] "C:\Program Files\utorrentbar"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 12/11/2012 at 10:30:24.59

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----MBAM-----

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.11.08

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.16982

Tara :: STEVESIL-PC [administrator]

12/11/2012 10:32:39 AM

mbam-log-2012-12-11 (10-32-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220209

Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

-----DDS-----

DDS (Ver_2012-11-07.01) - NTFS_x86

Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_31

Run by Tara at 10:44:40 on 2012-12-11

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1015.283 [GMT -6:00]

.

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Windows\system32\HPSIsvc.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

C:\Users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Users\Tara\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\SAMSUNG\Kies\Kies.exe

C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\notepad.exe

C:\Windows\explorer.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop

dURLSearchHooks: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [Facebook Update] "c:\users\tara\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [sansaDispatch] c:\users\tara\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload

uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"

mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray

mRunOnce: [Launcher] c:\windows\sminst\launcher.exe

dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f

dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f

dRunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f

dRunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 10.0.0.1

TCP: Interfaces\{F81364E4-99CB-4A8B-BCEF-5B1B0333CB02} : DHCPNameServer = 10.0.0.1

Notify: igfxcui - igfxdev.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\tara\appdata\roaming\mozilla\firefox\profiles\bcqa1v0d.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\users\tara\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\tara\appdata\roaming\mozilla\firefox\profiles\bcqa1v0d.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

.

---- FIREFOX POLICIES ----

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 04cdef38-d9bd-420a-82eb-7fe205c26d9a

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers

.

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-11-9 119208]

R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-11-9 139176]

R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-11-9 163112]

R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-11-9 133544]

R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-11-9 125480]

R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-11-9 370216]

R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-11-9 191528]

R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-11-9 128040]

R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-11-9 276520]

R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-11-9 133928]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2012-11-9 174632]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-1-28 99896]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-8 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-8 676936]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-11-12 140064]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-11-9 149544]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-11-9 104488]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-11-9 114216]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-11-9 123944]

R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-11-14 36640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-8 22856]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 541800]

S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2012-10-22 29224]

S4 NNSPIHSW;NNSPihsw;c:\windows\system32\drivers\NNSPihsw.sys [2012-11-9 74792]

.

=============== Created Last 30 ================

.

2012-12-11 16:23:15 -------- d-----w- c:\windows\ERUNT

2012-12-11 16:22:36 -------- d-----w- C:\JRT

2012-12-11 01:56:49 -------- d-----w- c:\users\tara\appdata\local\panda4_0dn

2012-12-11 01:56:15 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-12-10 08:16:34 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0cc5b45-9477-4034-a9f8-ecc8f849f212}\offreg.dll

2012-12-09 08:04:45 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0cc5b45-9477-4034-a9f8-ecc8f849f212}\mpengine.dll

2012-12-09 00:52:09 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll

2012-12-09 00:52:09 -------- d-----w- c:\users\tara\appdata\roaming\Catalina Marketing Corp

2012-12-09 00:52:06 489712 ----a-w- c:\users\tara\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe

2012-12-07 03:05:59 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-11-16 01:51:35 -------- d-----w- c:\users\tara\appdata\roaming\System

.

==================== Find3M ====================

.

2012-11-10 01:00:49 123944 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2012-11-10 01:00:10 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2012-11-10 01:00:10 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2012-11-10 01:00:10 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2012-11-10 01:00:09 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2012-11-09 17:23:58 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

2012-11-09 17:23:58 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

2012-11-09 17:23:57 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys

2012-11-09 17:23:57 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

2012-11-09 17:23:57 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

2012-11-09 17:23:56 74792 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys

2012-11-09 17:23:56 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

2012-11-09 17:23:55 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys

2012-11-09 17:23:55 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

2012-11-09 17:23:55 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

2012-11-09 17:23:54 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

2012-10-22 18:08:35 29224 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys

2012-10-09 06:12:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 06:12:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 10:45:55.28 ===============


Note: Please do not run this tool without the supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-12-10.01 - Tara 12/11/2012 20:06:19.1.1 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1015.252 [GMT -6:00]

Running from: c:\users\Tara\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\SPL12C6.tmp

c:\programdata\SPL2A2F.tmp

c:\programdata\SPL354B.tmp

c:\programdata\SPL442D.tmp

c:\programdata\SPL55F9.tmp

c:\programdata\SPL6308.tmp

c:\programdata\SPL7701.tmp

c:\programdata\SPL7BA4.tmp

c:\programdata\SPL80C3.tmp

c:\programdata\SPL8371.tmp

c:\programdata\SPL9217.tmp

c:\programdata\SPL9B12.tmp

c:\programdata\SPL9DA5.tmp

c:\programdata\SPLA0D5.tmp

c:\programdata\SPLAE19.tmp

c:\programdata\SPLAFBE.tmp

c:\programdata\SPLB2B0.tmp

c:\programdata\SPLB395.tmp

c:\programdata\SPLB48F.tmp

c:\programdata\SPLB502.tmp

c:\programdata\SPLD09B.tmp

c:\programdata\SPLDD36.tmp

c:\programdata\SPLF26B.tmp

c:\programdata\SPLFF6B.tmp

c:\users\Tara\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-11-12 to 2012-12-12 )))))))))))))))))))))))))))))))

.

.

2012-12-12 02:20 . 2012-12-12 02:20 -------- d-----w- c:\users\stevesil\AppData\Local\temp

2012-12-12 02:20 . 2012-12-12 02:28 -------- d-----w- c:\users\Tara\AppData\Local\temp

2012-12-12 02:20 . 2012-12-12 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-11 16:23 . 2012-12-11 16:23 -------- d-----w- c:\windows\ERUNT

2012-12-11 16:22 . 2012-12-11 16:22 -------- d-----w- C:\JRT

2012-12-11 01:56 . 2012-12-11 02:14 -------- d-----w- c:\users\Tara\AppData\Local\panda4_0dn

2012-12-11 01:56 . 2012-11-07 15:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-12-10 08:16 . 2012-12-10 08:16 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0CC5B45-9477-4034-A9F8-ECC8F849F212}\offreg.dll

2012-12-09 08:04 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0CC5B45-9477-4034-A9F8-ECC8F849F212}\mpengine.dll

2012-12-09 00:52 . 2012-12-09 00:52 -------- d-----w- c:\users\Tara\AppData\Roaming\Catalina Marketing Corp

2012-12-09 00:52 . 2012-12-09 00:51 489712 ----a-w- c:\users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2012-11-16 01:51 . 2012-12-09 02:43 -------- d-----w- c:\users\Tara\AppData\Roaming\System

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-10 01:00 . 2012-11-10 01:00 123944 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2012-11-10 01:00 . 2012-11-10 01:00 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2012-11-10 01:00 . 2012-11-10 01:00 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2012-11-10 01:00 . 2012-11-10 01:00 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2012-11-10 01:00 . 2012-11-10 01:00 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2012-11-09 17:23 . 2012-11-09 17:23 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

2012-11-09 17:23 . 2012-11-09 17:23 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

2012-11-09 17:23 . 2012-11-09 17:23 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys

2012-11-09 17:23 . 2012-11-09 17:23 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

2012-11-09 17:23 . 2012-11-09 17:23 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

2012-11-09 17:23 . 2012-11-09 17:23 74792 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys

2012-11-09 17:23 . 2012-11-09 17:23 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

2012-11-09 17:23 . 2012-11-09 17:23 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys

2012-11-09 17:23 . 2012-11-09 17:23 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

2012-11-09 17:23 . 2012-11-09 17:23 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

2012-11-09 17:23 . 2012-11-09 17:23 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

2012-10-22 18:08 . 2012-10-22 18:08 29224 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys

2012-10-09 06:12 . 2012-05-26 18:56 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 06:12 . 2011-09-21 22:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-30 00:54 . 2012-10-09 02:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-07 03:07 . 2012-12-07 03:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"SansaDispatch"="c:\users\Tara\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-03-31 79872]

"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-10-15 221832]

"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-15 32032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]

"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]

"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]

"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 06:12]

.

2012-11-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3665390842-1344598106-1766541070-1001Core.job

- c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-11 23:25]

.

2012-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3665390842-1344598106-1766541070-1001UA.job

- c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-11 23:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bcqa1v0d.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 04cdef38-d9bd-420a-82eb-7fe205c26d9a

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe

AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-11 20:28

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\users\Tara\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe?D???????D???????????????????????D???????????????????????????????D???)?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5700)

c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\HP\HPLaserJetService\HPLaserJetService.exe

c:\windows\system32\HPSIsvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\RtHDVCpl.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\lpremove.exe

c:\windows\system32\lpksetup.exe

.

**************************************************************************

.

Completion time: 2012-12-11 20:47:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-12 02:47

.

Pre-Run: 44,966,203,392 bytes free

Post-Run: 45,182,636,032 bytes free

.

- - End Of File - - 5CA1E9E838CD4CA96D146739E435552D


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::

FF - ProfilePath - c:\users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bcqa1v0d.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 04cdef38-d9bd-420a-82eb-7fe205c26d9a

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers

FF - user.js: extensions.autoDisableScopes - 14

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[picture: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

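The CFScript above works because ComboFix rewrites the profile's prefs.js and user.js. The part worth understanding is why user.js matters: Firefox re-applies every user_pref() in user.js on top of prefs.js at each startup, so a hijack planted there (the Conduit search URLs, the Yontoo/y2layers markers, and, more seriously, security.csp.enable=false and security.OCSP.enabled=0) comes back even after the user resets the search engine in the UI. The Python below is an added example, not code from this thread, from ComboFix or from Firefox: it parses both files the way Firefox writes them (several user_pref() calls may share one line, as in the log), merges them with user.js winning, and reports the weakened security prefs, the search/homepage hijack and the adware marker prefs. The sample file contents are constructed from the values in the log; the host and engine allowlists and the profile-path handling are assumptions for illustration.

```python
"""Audit a Firefox profile's prefs.js and user.js for hijacked or weakened settings.

Added example; not part of the forum thread, of ComboFix or of Firefox.  The
sample file contents below are constructed from the values reported in the
log above.  EXPECTED_HOSTS, BUILTIN_ENGINES and the profile-path handling are
assumptions for illustration.
"""
import re
from pathlib import Path
from typing import Dict, List, Tuple, Union
from urllib.parse import urlsplit

PrefValue = Union[str, int, bool]
Finding = Tuple[str, PrefValue, str]   # (pref name, value found, why it matters)

# Both files are a sequence of  user_pref("name", value);  calls.  The value is a
# JS literal: a quoted string, an integer, or true/false.  Several calls may sit
# on one line (as in the user.js the log shows), so we scan, not split on lines.
_PREF_RE = re.compile(
    r"""user_pref\(\s*(?P<q>['"])(?P<name>[^'"]+)(?P=q)\s*,\s*"""
    r"""(?P<value>"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|-?\d+|true|false)\s*\)\s*;"""
)


def _literal(tok: str) -> PrefValue:
    """Turn the matched JS literal into a Python value."""
    if tok in ("true", "false"):
        return tok == "true"
    if tok[0] in "\"'":
        # Undo the escapes Firefox writes for quotes and backslashes.
        return re.sub(r"\\([\"'\\])", r"\1", tok[1:-1])
    return int(tok)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse prefs.js/user.js content.  A later assignment overrides an earlier one."""
    return {m.group("name"): _literal(m.group("value")) for m in _PREF_RE.finditer(text)}


def effective_prefs(prefs_js: str, user_js: str) -> Dict[str, PrefValue]:
    """user.js is applied on top of prefs.js at every startup, so it wins and
    keeps re-applying a hijack even after the user fixes settings in the UI."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged


# Security prefs and the value that weakens them.
WEAKENED: Dict[str, Tuple[PrefValue, str]] = {
    "security.csp.enable": (False, "Content Security Policy enforcement disabled"),
    "security.OCSP.enabled": (0, "OCSP certificate revocation checking disabled"),
    "extensions.autoDisableScopes": (0, "extensions dropped into the profile by other software are enabled without asking"),
}
# Prefs that steer navigation; a host outside the allowlist is a search/homepage hijack.
URL_PREFS = ("browser.search.defaulturl", "keyword.URL", "browser.startup.homepage")
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}   # assumption
BUILTIN_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}              # assumption
# Pref namespace written by the Yontoo (y2layers) add-on that the CFScript above removes.
ADWARE_PREFIXES = ("extentions.y2layers.",)


def audit(prefs: Dict[str, PrefValue]) -> List[Finding]:
    """Return every pref that weakens security, redirects the browser or marks adware."""
    findings: List[Finding] = []
    for name, value in prefs.items():
        if name in WEAKENED and value == WEAKENED[name][0]:
            findings.append((name, value, WEAKENED[name][1]))
        elif name in URL_PREFS and isinstance(value, str):
            host = urlsplit(value).hostname or ""
            if host not in EXPECTED_HOSTS:
                findings.append((name, value, f"points at unexpected host {host!r}"))
        elif name == "browser.search.selectedEngine" and value not in BUILTIN_ENGINES:
            findings.append((name, value, "non-builtin search engine selected"))
        elif name.startswith(ADWARE_PREFIXES):
            findings.append((name, value, "adware marker pref"))
    return findings


def audit_profile(profile_dir: str) -> List[Finding]:
    """Audit a real profile directory, e.g. the ProfilePath shown in the log."""
    def read(filename: str) -> str:
        path = Path(profile_dir) / filename
        return path.read_text(encoding="utf-8", errors="replace") if path.exists() else ""
    return audit(effective_prefs(read("prefs.js"), read("user.js")))


# Constructed sample files mirroring the values in the log above.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Swag Bucks Customized Web Search");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("extensions.autoDisableScopes", 15);
'''
SAMPLE_USER_JS = r'''user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
user_pref("extentions.y2layers.installId", "04cdef38-d9bd-420a-82eb-7fe205c26d9a");
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
'''


def demo() -> List[Finding]:
    """Run the audit over the constructed sample; user.js overrides autoDisableScopes to 0."""
    return audit(effective_prefs(SAMPLE_PREFS_JS, SAMPLE_USER_JS))


if __name__ == "__main__":
    for name, value, why in demo():
        print(f"{name} = {value!r}\n    {why}")
```

Run it against a live profile with audit_profile(r"C:\Users\<name>\AppData\Roaming\Mozilla\Firefox\Profiles\<id>.default"); anything it reports from user.js will survive a UI reset until that file is deleted or rewritten, which is what the CFScript does.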

Hi, thanks again for your help. I wanted to find out what you're seeing at this point? After my last post running CF (not this one, the previous one), I got a lot of my files back that I thought I had lost. Also, Windows pops up saying that it does not detect an antivirus service installed on my computer even though Panda Security is up and running again after reboot. Overall the computer seems to be running better: my browser is hardly freezing up at all and most things open quickly. But the computer still starts up to a black screen after my account is logged on. Everything does come together on its own now and a bit quicker than in the beginning.

Please see the ComboFix log you requested below:

----------------------------------------------------------------------

ComboFix 12-12-10.01 - Tara 12/12/2012 19:02:32.2.1 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1015.365 [GMT -6:00]

Running from: c:\users\Tara\Downloads\ComboFix.exe

Command switches used :: c:\users\Tara\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Tara\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))

.

.

2012-12-13 01:15 . 2012-12-13 01:21 -------- d-----w- c:\users\Tara\AppData\Local\temp

2012-12-13 01:15 . 2012-12-13 01:15 -------- d-----w- c:\users\stevesil\AppData\Local\temp

2012-12-13 01:15 . 2012-12-13 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-11 16:23 . 2012-12-11 16:23 -------- d-----w- c:\windows\ERUNT

2012-12-11 16:22 . 2012-12-11 16:22 -------- d-----w- C:\JRT

2012-12-11 01:56 . 2012-12-11 02:14 -------- d-----w- c:\users\Tara\AppData\Local\panda4_0dn

2012-12-11 01:56 . 2012-11-07 15:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-12-10 08:16 . 2012-12-10 08:16 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0CC5B45-9477-4034-A9F8-ECC8F849F212}\offreg.dll

2012-12-09 08:04 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0CC5B45-9477-4034-A9F8-ECC8F849F212}\mpengine.dll

2012-12-09 00:52 . 2012-12-09 00:52 -------- d-----w- c:\users\Tara\AppData\Roaming\Catalina Marketing Corp

2012-12-09 00:52 . 2012-12-09 00:51 489712 ----a-w- c:\users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2012-11-16 01:51 . 2012-12-09 02:43 -------- d-----w- c:\users\Tara\AppData\Roaming\System

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 06:12 . 2012-05-26 18:56 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 06:12 . 2011-09-21 22:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-10 01:00 . 2012-11-10 01:00 123944 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2012-11-10 01:00 . 2012-11-10 01:00 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2012-11-10 01:00 . 2012-11-10 01:00 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2012-11-10 01:00 . 2012-11-10 01:00 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2012-11-10 01:00 . 2012-11-10 01:00 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2012-11-09 17:23 . 2012-11-09 17:23 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

2012-11-09 17:23 . 2012-11-09 17:23 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

2012-11-09 17:23 . 2012-11-09 17:23 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys

2012-11-09 17:23 . 2012-11-09 17:23 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

2012-11-09 17:23 . 2012-11-09 17:23 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

2012-11-09 17:23 . 2012-11-09 17:23 74792 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys

2012-11-09 17:23 . 2012-11-09 17:23 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

2012-11-09 17:23 . 2012-11-09 17:23 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys

2012-11-09 17:23 . 2012-11-09 17:23 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

2012-11-09 17:23 . 2012-11-09 17:23 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

2012-11-09 17:23 . 2012-11-09 17:23 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

2012-10-22 18:08 . 2012-10-22 18:08 29224 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys

2012-09-30 00:54 . 2012-10-09 02:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-07 03:07 . 2012-12-07 03:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"SansaDispatch"="c:\users\Tara\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-03-31 79872]

"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-10-15 221832]

"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]

"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-15 32032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]

"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]

"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]

"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 06:12]

.

2012-11-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3665390842-1344598106-1766541070-1001Core.job

- c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-11 23:25]

.

2012-12-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3665390842-1344598106-1766541070-1001UA.job

- c:\users\Tara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-11 23:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\bcqa1v0d.default\

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 04cdef38-d9bd-420a-82eb-7fe205c26d9a

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-12 19:19

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\users\Tara\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe?D???????D???????????????????????D???????????????????????????????D???)?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4020)

c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\HP\HPLaserJetService\HPLaserJetService.exe

c:\windows\system32\HPSIsvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\RtHDVCpl.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\windows\system32\consent.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\ehome\mcupdate.EXE

.

**************************************************************************

.

Completion time: 2012-12-12 19:29:23 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-13 01:28

ComboFix2.txt 2012-12-12 02:47

.

Pre-Run: 45,379,469,312 bytes free

Post-Run: 45,357,010,944 bytes free

.

- - End Of File - - F0273D447A5E52FC312E54A151B1B861


Oh, that's good. :)

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Then manually delete Junkware Removal Tool.

Some malware prevention tips:

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

