Posted 07 March 2014 - 02:58 AM
When I turn on videos, I get radio stations playing along with the video so I hear mostly noise. The computer runs slow and it crashes frequently. I am certain it has malware. How do I fix this?
Thanks
Posted 09 March 2014 - 07:46 PM
If you are satisfied with the help you have received, please consider making a donation.
Posted 10 March 2014 - 01:05 AM
Posted 10 March 2014 - 06:50 AM
Hi gbsk,
Do you have access to another computer? If so, download the tools onto a flash drive and transfer the tools to the desktop of the infected computer.
Posted 10 March 2014 - 11:37 PM
OCD
Unfortunately, I do not have access to another computer except library computers. I do not think I can download programs onto discs at the library. What do you think?
After running the security check 317, as I told you the computer got hung up. I wrote to you and shut it off. Today, I tried to start the computer at least 10 times and it kept crashing with blue screen when clicking on any program like a browser or something else. I finally started it in safe mode with networking and can open programs. This is not my computer and I am running the Norton that he has on the computer but it is running as bad as it ever has. Much worse than when I first contacted you. Does security check have malware?
Thanks
GB
Posted 11 March 2014 - 06:19 AM
Unfortunately, I do not have access to another computer except library computers. 1. I do not think I can download programs onto discs at the library. What do you think?
After running the security check 317, as I told you the computer got hung up. I wrote to you and shut it off. Today, I tried to start the computer at least 10 times and it kept crashing with blue screen when clicking on any program like a browser or something else. I finally started it in safe mode with networking and can open programs. 2. This is not my computer and I am running the Norton that he has on the computer but it is running as bad as it ever has. Much worse than when I first contacted you. 3. Does security check have malware?
Posted 12 March 2014 - 02:41 AM
OCD,
I will have to check with the library about their policies.
Sorry but the computer ran so bad last night after running the security check, I had to get it up and running. It is not my computer and the owner would be very mad at me if it was not working like it was before. He is kind of funny. He thinks since I use Yahoo mail, it is unstable and causes his computer to have problems. All I know is that after I ran security check, the computer would hardly run at all. Since I used Norton, I am in normal mode.
Here are the logs below.
MBR.dat or Addition.txt were not on the desktop. The only ones on the desktop were the programs themselves and the 2 logs.
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-12 01:27:00
-----------------------------
01:27:00.713 OS Version: Windows 6.1.7601 Service Pack 1
01:27:00.713 Number of processors: 4 586 0x170A
01:27:00.713 ComputerName: DUANE-PC UserName: Duane
01:27:17.623 Initialize success
01:28:17.839 AVAST engine defs: 14031102
02:14:41.926 The log file has been saved successfully to "C:\Users\Duane\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2014
Ran by Duane (administrator) on DUANE-PC on 12-03-2014 02:24:37
Running from C:\Users\Duane\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe
() c:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [OfficeScanNT Monitor] - c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1107472 2012-01-09] (Trend Micro Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [OE] - c:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [492880 2010-08-10] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\S-1-5-21-1852239676-1987662728-649011286-1000\...\Run: [RoboForm] - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-01-11] (Siber Systems)
HKU\S-1-5-21-1852239676-1987662728-649011286-1000\...\Run: [AROReminder] - C:\Program Files\ARO 2013\ARO.exe [3157336 2013-05-22] (Support.com, Inc.)
Startup: C:\Users\Duane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Duane\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ksl.com/
SearchScopes: HKCU - DefaultScope {4C523285-689D-479F-B760-1CA85FF74AB9} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKCU - {4C523285-689D-479F-B760-1CA85FF74AB9} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4
SearchScopes: HKCU - {EC632E19-1CC1-449C-AE6C-D684AB47A910} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\UnfriendApp\IE\common.dll (UnfriendApp)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1040\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=airmsd&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0Bzzzz0AyE0AyD0C0FyCyBtN0D0Tzu0CyCyDzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q&cr=144711846&ir=
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: http://start.mysearc...cr=144711846=
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: ( "name": "",) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.65267_0\plugin/gc_getcid.dll ( )
CHR Plugin: (Skype Click to Call) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Desktop) - C:\Users\Duane\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-14]
CHR Extension: (Google Drive) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-14]
CHR Extension: (YouTube) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-14]
CHR Extension: (Google Search) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-14]
CHR Extension: (UnfriendApp) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2013-01-14]
CHR Extension: (Norton Identity Protection) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-09-03]
CHR Extension: (Google Wallet) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Duane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-14]
CHR HKLM\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\Program Files\UnfriendApp\Chrome\common.crx [2012-11-07]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-21]
========================== Services (Whitelisted) =================
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1336464 2012-02-20] (Trend Micro Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2013-05-30] (PC Tools)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2012-02-07] (Trend Micro Inc.)
R3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [345616 2011-06-02] ()
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1531392 2011-12-08] (Trend Micro Inc.)
S3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497080 2010-07-21] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689680 2011-12-21] (Trend Micro Inc.)
==================== Drivers (Whitelisted) ====================
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc)
R1 BHDrvx86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.1.3\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-02-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-02-26] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.1.3\Definitions\IPSDefs\20140311.001\IDSvix86.sys [395992 2014-03-05] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-03-11] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.1.3\Definitions\VirusDefs\20140311.018\NAVENG.SYS [93272 2014-02-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360 Premier Edition\NortonData\21.0.1.3\Definitions\VirusDefs\20140311.018\NAVEX15.SYS [1612376 2014-02-26] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS [32344 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1501000.012\SYMDS.SYS [367704 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-09-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [206936 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1501000.012\SYMNETS.SYS [446552 2013-09-25] (Symantec Corporation)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [62224 2011-10-03] ()
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [165136 2011-10-03] ()
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [54544 2011-10-03] ()
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [262416 2011-07-12] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146000 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36624 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2011-03-28] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282704 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1405720 2011-07-12] (Trend Micro Inc.)
U3 aswMBR; \??\C:\Users\Duane\AppData\Local\Temp\aswMBR.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-12 02:24 - 2014-03-12 02:24 - 00018050 _____ () C:\Users\Duane\Desktop\FRST.txt
2014-03-12 02:21 - 2014-03-12 02:21 - 01145856 _____ (Farbar) C:\Users\Duane\Desktop\FRST.exe
2014-03-12 02:14 - 2014-03-12 02:14 - 00000473 _____ () C:\Users\Duane\Desktop\aswMBR.txt
2014-03-12 01:24 - 2014-03-12 01:24 - 04745728 _____ (AVAST Software) C:\Users\Duane\Desktop\aswMBR.exe
2014-03-11 03:40 - 2014-03-11 03:40 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-11 02:55 - 2014-03-11 02:55 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-11 01:23 - 2014-03-11 01:23 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-10 23:03 - 2014-03-10 23:03 - 00145680 _____ () C:\Windows\Minidump\031014-72290-01.dmp
2014-03-10 21:36 - 2014-03-10 21:36 - 00145680 _____ () C:\Windows\Minidump\031014-69560-01.dmp
2014-03-10 21:19 - 2014-03-10 21:19 - 00145680 _____ () C:\Windows\Minidump\031014-49327-01.dmp
2014-03-10 21:16 - 2014-03-10 21:16 - 00145680 _____ () C:\Windows\Minidump\031014-49031-01.dmp
2014-03-10 21:11 - 2014-03-10 21:11 - 00145680 _____ () C:\Windows\Minidump\031014-53539-01.dmp
2014-03-08 12:08 - 2014-03-08 12:08 - 00145680 _____ () C:\Windows\Minidump\030814-39390-01.dmp
2014-03-08 11:05 - 2014-03-11 01:22 - 00221248 _____ () C:\Windows\ntbtlog.txt.bak
2014-03-08 11:04 - 2014-03-08 11:04 - 00145680 _____ () C:\Windows\Minidump\030814-47174-01.dmp
2014-03-08 11:01 - 2014-03-08 11:01 - 00145696 _____ () C:\Windows\Minidump\030814-36987-01.dmp
2014-03-07 22:33 - 2014-03-07 22:33 - 00145728 _____ () C:\Windows\Minidump\030714-40248-01.dmp
2014-03-06 23:53 - 2014-03-10 23:02 - 310422649 _____ () C:\Windows\MEMORY.DMP
2014-03-06 23:53 - 2014-03-06 23:53 - 00145728 _____ () C:\Windows\Minidump\030614-31309-01.dmp
2014-03-05 18:36 - 2014-03-11 21:27 - 00003260 _____ () C:\Windows\setupact.log
2014-03-05 18:36 - 2014-03-08 11:33 - 00001728 _____ () C:\Windows\PFRO.log
2014-03-05 18:36 - 2014-03-05 18:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 02:54 - 2014-03-10 01:32 - 00000506 _____ () C:\Windows\TMFilter.log
2014-03-05 02:36 - 2014-03-05 02:36 - 00028844 _____ () C:\Users\Duane\Documents\cc_20140305_013614.reg
2014-03-05 02:31 - 2014-03-11 03:48 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-05 02:31 - 2014-03-05 02:31 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\Malwarebytes
2014-03-05 02:31 - 2014-03-05 02:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 02:20 - 2014-03-05 02:20 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\SUPERAntiSpyware.com
2014-03-05 02:04 - 2014-03-05 02:04 - 00000000 ____D () C:\ProgramData\CDB
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 __SHD () C:\found.003
2014-02-12 04:07 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 04:07 - 2014-02-06 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 04:07 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 04:07 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 04:07 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 04:07 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 04:07 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 04:07 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 04:07 - 2014-02-06 03:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 04:07 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 04:07 - 2014-02-06 03:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 04:07 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 04:07 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 04:07 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 04:06 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 04:06 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 04:06 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 04:06 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 04:06 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 04:06 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 04:06 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 04:05 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 22:49 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 22:49 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 22:49 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 22:49 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 22:49 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 22:49 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 22:49 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 22:49 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 22:49 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 22:49 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 22:49 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 22:49 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 22:49 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 22:49 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
==================== One Month Modified Files and Folders =======
2014-03-12 02:26 - 2014-03-12 02:24 - 00018050 _____ () C:\Users\Duane\Desktop\FRST.txt
2014-03-12 02:26 - 2012-05-25 10:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 02:24 - 2013-10-28 00:05 - 00000000 ____D () C:\FRST
2014-03-12 02:21 - 2014-03-12 02:21 - 01145856 _____ (Farbar) C:\Users\Duane\Desktop\FRST.exe
2014-03-12 02:14 - 2014-03-12 02:14 - 00000473 _____ () C:\Users\Duane\Desktop\aswMBR.txt
2014-03-12 01:39 - 2013-01-14 00:48 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 01:24 - 2014-03-12 01:24 - 04745728 _____ (AVAST Software) C:\Users\Duane\Desktop\aswMBR.exe
2014-03-11 21:38 - 2010-11-08 10:45 - 00000031 _____ () C:\tmuninst.ini
2014-03-11 21:35 - 2009-07-13 22:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 21:35 - 2009-07-13 22:34 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 21:32 - 2010-11-08 10:38 - 00933666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 21:32 - 2009-07-13 22:55 - 01438756 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 21:27 - 2014-03-05 18:36 - 00003260 _____ () C:\Windows\setupact.log
2014-03-11 21:27 - 2013-01-14 00:48 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 21:27 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 04:25 - 2010-11-11 13:22 - 00000000 ____D () C:\Users\Duane
2014-03-11 03:48 - 2014-03-05 02:31 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-11 03:40 - 2014-03-11 03:40 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-11 02:55 - 2014-03-11 02:55 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-11 02:23 - 2012-05-25 06:39 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\Registry Mechanic
2014-03-11 01:46 - 2011-02-12 11:33 - 00000346 _____ () C:\Windows\reimage.ini
2014-03-11 01:31 - 2013-02-12 17:54 - 00000000 ____D () C:\Users\Duane\AppData\Local\NPE
2014-03-11 01:24 - 2010-11-11 14:05 - 00000000 ____D () C:\Users\Duane\Documents\PCCOP
2014-03-11 01:23 - 2014-03-11 01:23 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-11 01:22 - 2014-03-08 11:05 - 00221248 _____ () C:\Windows\ntbtlog.txt.bak
2014-03-10 23:03 - 2014-03-10 23:03 - 00145680 _____ () C:\Windows\Minidump\031014-72290-01.dmp
2014-03-10 23:03 - 2011-01-13 08:47 - 00000000 ____D () C:\Windows\Minidump
2014-03-10 23:02 - 2014-03-06 23:53 - 310422649 _____ () C:\Windows\MEMORY.DMP
2014-03-10 21:36 - 2014-03-10 21:36 - 00145680 _____ () C:\Windows\Minidump\031014-69560-01.dmp
2014-03-10 21:19 - 2014-03-10 21:19 - 00145680 _____ () C:\Windows\Minidump\031014-49327-01.dmp
2014-03-10 21:16 - 2014-03-10 21:16 - 00145680 _____ () C:\Windows\Minidump\031014-49031-01.dmp
2014-03-10 21:11 - 2014-03-10 21:11 - 00145680 _____ () C:\Windows\Minidump\031014-53539-01.dmp
2014-03-10 01:32 - 2014-03-05 02:54 - 00000506 _____ () C:\Windows\TMFilter.log
2014-03-10 01:31 - 2009-07-13 22:53 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 00:08 - 2013-01-14 00:48 - 00000000 ____D () C:\Program Files\Google
2014-03-08 12:32 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-08 12:08 - 2014-03-08 12:08 - 00145680 _____ () C:\Windows\Minidump\030814-39390-01.dmp
2014-03-08 11:33 - 2014-03-05 18:36 - 00001728 _____ () C:\Windows\PFRO.log
2014-03-08 11:04 - 2014-03-08 11:04 - 00145680 _____ () C:\Windows\Minidump\030814-47174-01.dmp
2014-03-08 11:01 - 2014-03-08 11:01 - 00145696 _____ () C:\Windows\Minidump\030814-36987-01.dmp
2014-03-07 22:33 - 2014-03-07 22:33 - 00145728 _____ () C:\Windows\Minidump\030714-40248-01.dmp
2014-03-06 23:53 - 2014-03-06 23:53 - 00145728 _____ () C:\Windows\Minidump\030614-31309-01.dmp
2014-03-06 23:27 - 2009-07-13 22:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-05 18:36 - 2014-03-05 18:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 02:36 - 2014-03-05 02:36 - 00028844 _____ () C:\Users\Duane\Documents\cc_20140305_013614.reg
2014-03-05 02:35 - 2011-01-31 09:55 - 00000000 ____D () C:\Users\Duane\Tracing
2014-03-05 02:35 - 2011-01-10 23:01 - 00000000 ____D () C:\Users\Duane\AppData\Local\CrashDumps
2014-03-05 02:35 - 2010-11-08 12:19 - 00000000 ____D () C:\Windows\Panther
2014-03-05 02:31 - 2014-03-05 02:31 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\Malwarebytes
2014-03-05 02:31 - 2014-03-05 02:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 02:20 - 2014-03-05 02:20 - 00000000 ____D () C:\Users\Duane\AppData\Roaming\SUPERAntiSpyware.com
2014-03-05 02:04 - 2014-03-05 02:04 - 00000000 ____D () C:\ProgramData\CDB
2014-03-01 23:28 - 2013-08-14 08:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-01 23:28 - 2011-02-10 04:02 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 __SHD () C:\found.003
2014-02-21 02:26 - 2012-05-25 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 02:26 - 2012-05-25 10:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-12 04:36 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
Some content of TEMP:
====================
C:\Users\Duane\AppData\Local\Temp\ReimagePackage.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-07 10:58
==================== End Of Log ============================
Posted 12 March 2014 - 08:33 AM
Hi gbsk,
He thinks since I use Yahoo mail, it is unstable and causes his computer to have problems.
Yahoo mail should not be the cause of your issues, unless you opened an infected email/attachment and that caused you problems.
Have you run TDSSKiller recently?
=========================
ComboFix
Refer to the ComboFix User's Guide
Posted 15 March 2014 - 07:30 PM
Posted 17 March 2014 - 08:44 AM
Posted 23 March 2014 - 08:39 PM