
radio on youtube [reclosed due to no reply] [Closed]


  • This topic is locked
10 replies to this topic

#1 gbsk

    Silver Member

  • Authentic Member
  • 266 posts

Posted 07 March 2014 - 02:58 AM

When I turn on videos, I get radio stations playing along with the video so I hear mostly noise.   The computer runs slow and it crashes frequently.  I am certain it has malware.  How do I fix this?

 

Thanks




#2 OCD


    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 09 March 2014 - 07:46 PM

Hi gbsk,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 gbsk


Posted 10 March 2014 - 01:05 AM

OCD
 
I don't know why I have this line on here. I downloaded the Security Check. I ran it and it said it was finished checking some stuff, but when it was on the Health Check or something like that, it hung up and would not finish after at least 35 min., so I turned it off and tried to download the others. I clicked on Save As so I could save them on the desktop, but none of them saved or downloaded. When I ran Security Check, I got a message saying I was using too much bandwidth, and I only had 2-3 windows open while trying to download.
 
Thanks
GB

#4 OCD


Posted 10 March 2014 - 06:50 AM

Hi gbsk,

 

Do you have access to another computer? If so, download the tools onto a flash drive and transfer the tools to the desktop of the infected computer.
 
 


OCD



#5 gbsk


Posted 10 March 2014 - 11:37 PM

OCD

 

Unfortunately, I do not have access to another computer except library computers.  I do not think I can download programs onto discs at the library.  What do you think?  

 

After running the security check 317, as I told you the computer got hung up.  I wrote to you and shut it off.  Today, I tried to start the computer at least 10 times and it kept crashing with blue screen when clicking on any program like a browser or something else.  I finally started it in safe mode with networking and can open programs.  This is not my computer and I am running the Norton that he has on the computer but it is running as bad as it ever has.  Much worse than when I first contacted you.  Does security check have malware?

 

Thanks

GB



#6 OCD


Posted 11 March 2014 - 06:19 AM

Hi gbsk,
 

Unfortunately, I do not have access to another computer except library computers. 1. I do not think I can download programs onto discs at the library.  What do you think?  
 
After running the security check 317, as I told you the computer got hung up.  I wrote to you and shut it off.  Today, I tried to start the computer at least 10 times and it kept crashing with blue screen when clicking on any program like a browser or something else.  I finally started it in safe mode with networking and can open programs. 2. This is not my computer and I am running the Norton that he has on the computer but it is running as bad as it ever has.  Much worse than when I first contacted you. 3. Does security check have malware?

 
1. I don't know what your library policies are, you could always check with them and see what their reply is.
2. Please don't run any programs unless specifically asked to do so.
3. No, Security Check does not contain malware.
 
============================
  • What version of Windows are you running?
  • Can you download the programs when you are in Safe Mode w/ Networking?
  • If so, skip the Security Check tool and run the aswMBR & FRST steps outlined above.

OCD



#7 gbsk


Posted 12 March 2014 - 02:41 AM

OCD,

 

I will have to check with the library about their policies. 

Sorry but the computer ran so bad last night after running the security check, I had to get it up and running. It is not my computer and the owner would be very mad at me if it was not working like it was before. He is kind of funny. He thinks since I use Yahoo mail, it is unstable and causes his computer to have problems. All I know is that after I ran security check, the computer would hardly run at all. Since I used Norton, I am in normal mode.

 

Here are the logs below.

 

MBR.dat or Addition.txt were not on the desktop.  The only ones on the desktop were the programs themselves and the 2 logs.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-12 01:27:00
-----------------------------
01:27:00.713    OS Version: Windows 6.1.7601 Service Pack 1
01:27:00.713    Number of processors: 4 586 0x170A
01:27:00.713    ComputerName: DUANE-PC  UserName: Duane
01:27:17.623    Initialize success
01:28:17.839    AVAST engine defs: 14031102
02:14:41.926    The log file has been saved successfully to "C:\Users\Duane\Desktop\aswMBR.txt"

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by Duane (administrator) on DUANE-PC on 12-03-2014 02:24:37
Running from C:\Users\Duane\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe
() c:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OfficeScanNT Monitor] - c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1107472 2012-01-09] (Trend Micro Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [OE] - c:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [492880 2010-08-10] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\S-1-5-21-1852239676-1987662728-649011286-1000\...\Run: [RoboForm] - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-01-11] (Siber Systems)
HKU\S-1-5-21-1852239676-1987662728-649011286-1000\...\Run: [AROReminder] - C:\Program Files\ARO 2013\ARO.exe [3157336 2013-05-22] (Support.com, Inc.)
Startup: C:\Users\Duane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Duane\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ksl.com/
SearchScopes: HKCU - DefaultScope {4C523285-689D-479F-B760-1CA85FF74AB9} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKCU - {4C523285-689D-479F-B760-1CA85FF74AB9} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4
SearchScopes: HKCU - {EC632E19-1CC1-449C-AE6C-D684AB47A910} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\UnfriendApp\IE\common.dll (UnfriendApp)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=airmsd&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0Bzzzz0AyE0AyD0C0FyCyBtN0D0Tzu0CyCyDzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q&cr=144711846&ir=
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: http://start.mysearc...cr=144711846=
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (         "name": "",) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.65267_0\plugin/gc_getcid.dll ( )
CHR Plugin: (Skype Click to Call) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Desktop) - C:\Users\Duane\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-14]
CHR Extension: (Google Drive) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-14]
CHR Extension: (YouTube) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-14]
CHR Extension: (Google Search) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-14]
CHR Extension: (UnfriendApp) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2013-01-14]
CHR Extension: (Norton Identity Protection) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-03]
CHR Extension: (Google Wallet) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-14]
CHR HKLM\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\Program Files\UnfriendApp\Chrome\common.crx [2012-11-07]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-21]

========================== Services (Whitelisted) =================

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1336464 2012-02-20] (Trend Micro Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2013-05-30] (PC Tools)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2012-02-07] (Trend Micro Inc.)
R3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [345616 2011-06-02] ()
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1531392 2011-12-08] (Trend Micro Inc.)
S3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497080 2010-07-21] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689680 2011-12-21] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc)
R1 BHDrvx86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.1.3\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-02-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-02-26] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.1.3\Definitions\IPSDefs\20140311.001\IDSvix86.sys [395992 2014-03-05] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-03-11] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.1.3\Definitions\VirusDefs\20140311.018\NAVENG.SYS [93272 2014-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.1.3\Definitions\VirusDefs\20140311.018\NAVEX15.SYS [1612376 2014-02-26] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS [32344 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1501000.012\SYMDS.SYS [367704 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-09-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [206936 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1501000.012\SYMNETS.SYS [446552 2013-09-25] (Symantec Corporation)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [62224 2011-10-03] ()
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [165136 2011-10-03] ()
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [54544 2011-10-03] ()
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [262416 2011-07-12] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146000 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36624 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2011-03-28] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282704 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1405720 2011-07-12] (Trend Micro Inc.)
U3 aswMBR; \??\C:\Users\Duane\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-12 02:24 - 2014-03-12 02:24 - 00018050 _____ () C:\Users\Duane\Desktop\FRST.txt
2014-03-12 02:21 - 2014-03-12 02:21 - 01145856 _____ (Farbar) C:\Users\Duane\Desktop\FRST.exe
2014-03-12 02:14 - 2014-03-12 02:14 - 00000473 _____ () C:\Users\Duane\Desktop\aswMBR.txt
2014-03-12 01:24 - 2014-03-12 01:24 - 04745728 _____ (AVAST Software) C:\Users\Duane\Desktop\aswMBR.exe
2014-03-11 03:40 - 2014-03-11 03:40 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-11 02:55 - 2014-03-11 02:55 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-11 01:23 - 2014-03-11 01:23 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-10 23:03 - 2014-03-10 23:03 - 00145680 _____ () C:\Windows\Minidump\031014-72290-01.dmp
2014-03-10 21:36 - 2014-03-10 21:36 - 00145680 _____ () C:\Windows\Minidump\031014-69560-01.dmp
2014-03-10 21:19 - 2014-03-10 21:19 - 00145680 _____ () C:\Windows\Minidump\031014-49327-01.dmp
2014-03-10 21:16 - 2014-03-10 21:16 - 00145680 _____ () C:\Windows\Minidump\031014-49031-01.dmp
2014-03-10 21:11 - 2014-03-10 21:11 - 00145680 _____ () C:\Windows\Minidump\031014-53539-01.dmp
2014-03-08 12:08 - 2014-03-08 12:08 - 00145680 _____ () C:\Windows\Minidump\030814-39390-01.dmp
2014-03-08 11:05 - 2014-03-11 01:22 - 00221248 _____ () C:\Windows\ntbtlog.txt.bak
2014-03-08 11:04 - 2014-03-08 11:04 - 00145680 _____ () C:\Windows\Minidump\030814-47174-01.dmp
2014-03-08 11:01 - 2014-03-08 11:01 - 00145696 _____ () C:\Windows\Minidump\030814-36987-01.dmp
2014-03-07 22:33 - 2014-03-07 22:33 - 00145728 _____ () C:\Windows\Minidump\030714-40248-01.dmp
2014-03-06 23:53 - 2014-03-10 23:02 - 310422649 _____ () C:\Windows\MEMORY.DMP
2014-03-06 23:53 - 2014-03-06 23:53 - 00145728 _____ () C:\Windows\Minidump\030614-31309-01.dmp
2014-03-05 18:36 - 2014-03-11 21:27 - 00003260 _____ () C:\Windows\setupact.log
2014-03-05 18:36 - 2014-03-08 11:33 - 00001728 _____ () C:\Windows\PFRO.log
2014-03-05 18:36 - 2014-03-05 18:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 02:54 - 2014-03-10 01:32 - 00000506 _____ () C:\Windows\TMFilter.log
2014-03-05 02:36 - 2014-03-05 02:36 - 00028844 _____ () C:\Users\Duane\Documents\cc_20140305_013614.reg
2014-03-05 02:31 - 2014-03-11 03:48 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-05 02:31 - 2014-03-05 02:31 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\Malwarebytes
2014-03-05 02:31 - 2014-03-05 02:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 02:20 - 2014-03-05 02:20 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\SUPERAntiSpyware.com
2014-03-05 02:04 - 2014-03-05 02:04 - 00000000 ____D () C:\ProgramData\CDB
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 __SHD () C:\found.003
2014-02-12 04:07 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 04:07 - 2014-02-06 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 04:07 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 04:07 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 04:07 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 04:07 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 04:07 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 04:07 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 04:07 - 2014-02-06 03:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 04:07 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 04:07 - 2014-02-06 03:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 04:07 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 04:07 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 04:07 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 04:06 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 04:06 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 04:06 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 04:06 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 04:06 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 04:06 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 04:06 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 04:05 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 22:49 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 22:49 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 22:49 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 22:49 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 22:49 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 22:49 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 22:49 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 22:49 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 22:49 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 22:49 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 22:49 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 22:49 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 22:49 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 22:49 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-12 02:26 - 2014-03-12 02:24 - 00018050 _____ () C:\Users\Duane\Desktop\FRST.txt
2014-03-12 02:26 - 2012-05-25 10:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 02:24 - 2013-10-28 00:05 - 00000000 ____D () C:\FRST
2014-03-12 02:21 - 2014-03-12 02:21 - 01145856 _____ (Farbar) C:\Users\Duane\Desktop\FRST.exe
2014-03-12 02:14 - 2014-03-12 02:14 - 00000473 _____ () C:\Users\Duane\Desktop\aswMBR.txt
2014-03-12 01:39 - 2013-01-14 00:48 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 01:24 - 2014-03-12 01:24 - 04745728 _____ (AVAST Software) C:\Users\Duane\Desktop\aswMBR.exe
2014-03-11 21:38 - 2010-11-08 10:45 - 00000031 _____ () C:\tmuninst.ini
2014-03-11 21:35 - 2009-07-13 22:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 21:35 - 2009-07-13 22:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 21:32 - 2010-11-08 10:38 - 00933666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 21:32 - 2009-07-13 22:55 - 01438756 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 21:27 - 2014-03-05 18:36 - 00003260 _____ () C:\Windows\setupact.log
2014-03-11 21:27 - 2013-01-14 00:48 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 21:27 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 04:25 - 2010-11-11 13:22 - 00000000 ____D () C:\Users\Duane
2014-03-11 03:48 - 2014-03-05 02:31 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-11 03:40 - 2014-03-11 03:40 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-11 02:55 - 2014-03-11 02:55 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-11 02:23 - 2012-05-25 06:39 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\Registry Mechanic
2014-03-11 01:46 - 2011-02-12 11:33 - 00000346 _____ () C:\Windows\reimage.ini
2014-03-11 01:31 - 2013-02-12 17:54 - 00000000 ____D () C:\Users\Duane\AppData\Local\NPE
2014-03-11 01:24 - 2010-11-11 14:05 - 00000000 ____D () C:\Users\Duane\Documents\PCCOP
2014-03-11 01:23 - 2014-03-11 01:23 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-11 01:22 - 2014-03-08 11:05 - 00221248 _____ () C:\Windows\ntbtlog.txt.bak
2014-03-10 23:03 - 2014-03-10 23:03 - 00145680 _____ () C:\Windows\Minidump\031014-72290-01.dmp
2014-03-10 23:03 - 2011-01-13 08:47 - 00000000 ____D () C:\Windows\Minidump
2014-03-10 23:02 - 2014-03-06 23:53 - 310422649 _____ () C:\Windows\MEMORY.DMP
2014-03-10 21:36 - 2014-03-10 21:36 - 00145680 _____ () C:\Windows\Minidump\031014-69560-01.dmp
2014-03-10 21:19 - 2014-03-10 21:19 - 00145680 _____ () C:\Windows\Minidump\031014-49327-01.dmp
2014-03-10 21:16 - 2014-03-10 21:16 - 00145680 _____ () C:\Windows\Minidump\031014-49031-01.dmp
2014-03-10 21:11 - 2014-03-10 21:11 - 00145680 _____ () C:\Windows\Minidump\031014-53539-01.dmp
2014-03-10 01:32 - 2014-03-05 02:54 - 00000506 _____ () C:\Windows\TMFilter.log
2014-03-10 01:31 - 2009-07-13 22:53 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 00:08 - 2013-01-14 00:48 - 00000000 ____D () C:\Program Files\Google
2014-03-08 12:32 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 12:08 - 2014-03-08 12:08 - 00145680 _____ () C:\Windows\Minidump\030814-39390-01.dmp
2014-03-08 11:33 - 2014-03-05 18:36 - 00001728 _____ () C:\Windows\PFRO.log
2014-03-08 11:04 - 2014-03-08 11:04 - 00145680 _____ () C:\Windows\Minidump\030814-47174-01.dmp
2014-03-08 11:01 - 2014-03-08 11:01 - 00145696 _____ () C:\Windows\Minidump\030814-36987-01.dmp
2014-03-07 22:33 - 2014-03-07 22:33 - 00145728 _____ () C:\Windows\Minidump\030714-40248-01.dmp
2014-03-06 23:53 - 2014-03-06 23:53 - 00145728 _____ () C:\Windows\Minidump\030614-31309-01.dmp
2014-03-06 23:27 - 2009-07-13 22:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-05 18:36 - 2014-03-05 18:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 02:36 - 2014-03-05 02:36 - 00028844 _____ () C:\Users\Duane\Documents\cc_20140305_013614.reg
2014-03-05 02:35 - 2011-01-31 09:55 - 00000000 ____D () C:\Users\Duane\Tracing
2014-03-05 02:35 - 2011-01-10 23:01 - 00000000 ____D () C:\Users\Duane\AppData\Local\CrashDumps
2014-03-05 02:35 - 2010-11-08 12:19 - 00000000 ____D () C:\Windows\Panther
2014-03-05 02:31 - 2014-03-05 02:31 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\Malwarebytes
2014-03-05 02:31 - 2014-03-05 02:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 02:20 - 2014-03-05 02:20 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\SUPERAntiSpyware.com
2014-03-05 02:04 - 2014-03-05 02:04 - 00000000 ____D () C:\ProgramData\CDB
2014-03-01 23:28 - 2013-08-14 08:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-01 23:28 - 2011-02-10 04:02 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 __SHD () C:\found.003
2014-02-21 02:26 - 2012-05-25 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 02:26 - 2012-05-25 10:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-12 04:36 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET

Some content of TEMP:
====================
C:\Users\Duane\AppData\Local\Temp\ReimagePackage.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-07 10:58

==================== End Of Log ============================



#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 March 2014 - 08:33 AM

Hi gbsk,
 

He thinks since I use Yahoo mail, it is unstable and causes his computer to have problems.

Yahoo mail should not be the cause of your issues. Unless you opened an infected email/attachment and that caused you problems.

Have you run TDSSKiller recently?

=========================

ComboFix

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:
  • Combofix.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#9 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 March 2014 - 07:30 PM

Hi gbsk,

Just checking in to see if you still need help?


#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 March 2014 - 08:44 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic


#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 March 2014 - 08:39 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic