Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Gen.2 Popups


  • This topic is locked This topic is locked
16 replies to this topic

#1 Garmad

Garmad

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 02 March 2015 - 10:39 PM

For past few days i am getting this error.This is given by my symantec antivirus.

Can you please help me in getting rid of this virus please.Attaching the frst log below.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Archan (administrator) on ARCHANA on 02-03-2015 21:09:59
Running from C:\Users\Archan\Desktop
Loaded Profiles: Archan (Available profiles: Archan)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [798544 2015-02-23] (Webroot)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Run: [Google Update] => C:\Users\Archan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-04] (Google Inc.)
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [_WrSyncExcl] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncGreen] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncRed] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncYellow] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1356176847-2097553378-2876698239-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1356176847-2097553378-2876698239-1001 -> DefaultScope {FEE1AEAE-9970-48A7-B932-C529845BB437} URL =
SearchScopes: HKU\S-1-5-21-1356176847-2097553378-2876698239-1001 -> {FEE1AEAE-9970-48A7-B932-C529845BB437} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Archan\AppData\Roaming\Mozilla\Firefox\Profiles\vrxd6h7t.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1356176847-2097553378-2876698239-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Archan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1356176847-2097553378-2876698239-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Archan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Archan\AppData\Roaming\Mozilla\Firefox\Profiles\vrxd6h7t.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Archan\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-02-01]

Chrome:
=======
CHR Profile: C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Google Cast) - C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-04]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]
CHR Extension: (Webroot Password Manager) - C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-03-08]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-02-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2013-05-29] (Symantec Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2013-05-29] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2013-05-29] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [798544 2015-02-23] (Webroot)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20150224.015\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2013-05-29] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-01-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-08] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20150228.011\IDSvia64.sys [637656 2015-01-07] (Symantec Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150301.001\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150301.001\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2013-05-29] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2013-05-29] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [34352 2013-05-29] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2013-05-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2013-05-29] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SymELAM.sys [23448 2013-05-29] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2015-01-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2013-05-29] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2013-05-29] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [154904 2015-01-08] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [95616 2013-05-29] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2015-02-23] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [41040 2015-02-26] (Webroot)
S3 iscFlash; \??\C:\Users\Archan\AppData\Local\Temp\7zSAAD3.tmp\iscflashx64.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 21:09 - 2015-03-02 21:10 - 00033161 _____ () C:\Users\Archan\Desktop\FRST.txt
2015-03-02 21:09 - 2015-03-02 21:10 - 00000000 ____D () C:\FRST
2015-03-02 20:53 - 2015-03-02 20:53 - 02092544 _____ (Farbar) C:\Users\Archan\Desktop\FRST64.exe
2015-02-28 23:16 - 2015-02-28 23:16 - 00000000 ___RD () C:\Users\Archan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-28 22:58 - 2015-01-22 22:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-28 22:58 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-28 22:38 - 2015-02-28 22:38 - 07740440 _____ (Symantec Corporation) C:\Users\Archan\Downloads\SymHelp (2).exe
2015-02-28 22:38 - 2015-02-28 22:38 - 07740440 _____ (Symantec Corporation) C:\Users\Archan\Downloads\SymHelp (1).exe
2015-02-28 12:14 - 2015-02-28 12:14 - 07740440 _____ (Symantec Corporation) C:\Users\Archan\Downloads\SymHelp.exe
2015-02-28 12:05 - 2015-02-28 12:05 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 12:04 - 2015-02-28 12:04 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 12:04 - 2015-02-28 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 12:03 - 2015-02-28 12:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 12:03 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-28 12:03 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-28 12:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-28 11:51 - 2015-02-28 11:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Archan\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-26 06:26 - 2015-02-26 06:26 - 00041040 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-02-24 20:24 - 2014-12-13 15:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-24 20:24 - 2014-12-13 15:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 20:24 - 2014-10-28 19:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-24 20:24 - 2014-10-28 19:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-24 20:24 - 2014-10-28 19:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-24 20:24 - 2014-10-28 19:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-12 19:53 - 2015-02-12 19:53 - 00004030 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-12 19:53 - 2015-02-12 19:53 - 00003484 _____ () C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-02-12 19:53 - 2015-02-12 19:53 - 00003218 _____ () C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-02-12 19:53 - 2015-02-12 19:53 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-12 19:53 - 2015-02-12 19:53 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-12 19:53 - 2015-01-15 16:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 19:53 - 2015-01-15 16:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 19:53 - 2015-01-13 22:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 19:53 - 2015-01-13 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 19:53 - 2014-10-28 20:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-12 19:53 - 2014-10-28 20:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-12 19:53 - 2014-10-28 20:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-12 19:53 - 2014-10-28 20:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-12 19:53 - 2014-10-28 19:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-12 19:50 - 2015-01-13 16:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 19:50 - 2015-01-13 16:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 19:50 - 2015-01-10 03:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 19:50 - 2015-01-10 03:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 19:50 - 2015-01-10 02:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 19:50 - 2014-12-19 02:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 19:50 - 2014-12-19 02:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 19:50 - 2014-12-08 21:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 19:50 - 2014-12-08 19:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 19:50 - 2014-12-08 17:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 19:50 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-12 19:50 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-12 19:50 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-12 19:50 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-12 19:50 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-12 19:50 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-12 19:50 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-12 19:50 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-12 19:49 - 2015-02-03 17:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 19:49 - 2015-02-03 17:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 19:49 - 2015-02-03 17:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 19:49 - 2015-02-02 17:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 19:49 - 2015-02-02 17:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 19:49 - 2015-02-02 17:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 19:49 - 2015-01-19 12:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 19:49 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 19:49 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 19:49 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 19:49 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 19:49 - 2015-01-11 20:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 19:49 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 19:49 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 19:49 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 19:49 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 19:49 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 19:49 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 19:49 - 2015-01-11 19:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 19:49 - 2015-01-11 19:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 19:49 - 2015-01-11 19:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 19:49 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 19:49 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 19:49 - 2015-01-11 19:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 19:49 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 19:49 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 19:49 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 19:49 - 2015-01-11 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 19:49 - 2015-01-11 19:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 19:49 - 2015-01-11 19:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 19:49 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 19:49 - 2015-01-11 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 19:49 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 19:49 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 19:49 - 2015-01-11 19:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 19:49 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 19:49 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 19:49 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 19:49 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 19:49 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 19:49 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 19:49 - 2015-01-10 01:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 19:49 - 2015-01-10 00:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 19:48 - 2015-01-10 02:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 21:09 - 2014-02-01 10:03 - 00000000 ____D () C:\ProgramData\WRData
2015-03-02 21:08 - 2015-01-04 16:06 - 00000000 ____D () C:\Users\Archan\AppData\Local\ClassicShell
2015-03-02 21:08 - 2013-08-22 08:46 - 00308137 _____ () C:\WINDOWS\setupact.log
2015-03-02 21:06 - 2014-02-01 14:12 - 01221246 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-02 21:02 - 2014-05-24 07:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-02 21:02 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 20:34 - 2014-02-01 16:42 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5275736-B77C-4D0C-889A-839828371272}
2015-03-01 23:29 - 2014-12-04 18:19 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1356176847-2097553378-2876698239-1001UA.job
2015-03-01 23:29 - 2014-05-25 20:55 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 21:29 - 2014-05-25 20:55 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 21:07 - 2015-01-08 21:04 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-01 13:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-01 00:21 - 2013-12-03 22:19 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1356176847-2097553378-2876698239-1001
2015-02-28 23:22 - 2013-10-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-28 23:14 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-28 23:13 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-28 23:13 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-28 12:54 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-28 12:53 - 2013-08-22 08:44 - 00493832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-28 12:52 - 2013-11-14 01:20 - 00024822 _____ () C:\WINDOWS\PFRO.log
2015-02-28 12:45 - 2014-09-19 11:25 - 00001493 _____ () C:\Users\Archan\Desktop\questions.txt
2015-02-23 21:13 - 2014-02-01 10:04 - 00166128 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-02-23 21:13 - 2014-02-01 10:04 - 00114176 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-02-23 21:13 - 2014-02-01 10:04 - 00103816 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-02-23 20:34 - 2014-05-25 20:56 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-23 20:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-15 18:50 - 2014-08-30 10:48 - 00000000 ____D () C:\Users\Archan\AppData\Roaming\vlc
2015-02-15 15:29 - 2014-12-04 18:19 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1356176847-2097553378-2876698239-1001Core.job
2015-02-12 20:13 - 2014-12-02 19:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 20:11 - 2013-12-07 11:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 20:04 - 2013-12-07 11:31 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 20:00 - 2014-12-12 20:09 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 20:00 - 2014-07-10 20:39 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-12 19:53 - 2013-10-16 14:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-12 19:52 - 2013-10-16 14:21 - 00000000 ____D () C:\Program Files\Dell
2015-02-12 19:51 - 2013-10-16 14:28 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-12 19:51 - 2013-10-16 14:28 - 00000000 ____D () C:\Program Files\My Dell
2015-02-07 15:24 - 2014-12-04 18:19 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1356176847-2097553378-2876698239-1001UA
2015-02-07 15:24 - 2014-12-04 18:19 - 00003496 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1356176847-2097553378-2876698239-1001Core
2015-02-06 22:02 - 2014-05-24 07:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-06 21:24 - 2014-05-25 20:55 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 21:24 - 2014-05-25 20:55 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 13:31 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 22:48 - 2014-02-01 13:57 - 00000000 ____D () C:\Users\Archan

==================== Files in the root of some directories =======

2014-02-01 10:06 - 2014-02-01 10:06 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-05-25 06:31 - 2014-05-25 06:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-16 14:35 - 2013-10-16 14:35 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-16 14:30 - 2013-10-16 14:31 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-16 14:31 - 2013-10-16 14:33 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-16 14:30 - 2013-10-16 14:30 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-16 14:33 - 2013-10-16 14:35 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\Archan\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 13:12

==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:13 PM

Posted 07 March 2015 - 10:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568870 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:13 AM

Posted 10 March 2015 - 07:58 AM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

:)


Hello there, Garmad

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------

Could you please provide more info on the detected item? I need to see the directory of the said file. Best if you can post the log at here.

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#4 Garmad

Garmad
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 10 March 2015 - 08:20 AM

Hi Conspire,

                    Thanks.In the above i posted log's already.

 

I dont understand what more details can i provide.I will be avl on chat from 5pm CST.

 

Thank You



#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:13 AM

Posted 11 March 2015 - 05:56 AM

Sorry. I was referring to the Symantec. You said you receive pop up from Symantec on the infected item. I need more info on that.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#6 Garmad

Garmad
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 11 March 2015 - 06:50 AM

dwh1681.exe Trojan.Gen.2 Quarantined Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 2/25/2015 19:08 dwh4d5f.exe Trojan.Gen.2 Quarantined Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 2/27/2015 6:49 dwh97e7.exe Trojan.Gen.2 Quarantined Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 2/25/2015 19:09 dwh2f25.exe Trojan.Gen.2 Quarantined Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 2/27/2015 6:51 dwha7c7.exe Trojan.Gen.2 Quarantined Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 2/25/2015 19:10 dwh3bc8.exe Trojan.Gen.2 Quarantined Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 2/27/2015 6:52
dwh6efd.exe Trojan.Gen.2 Quarantined Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 2/28/2015 12:19

#7 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:13 AM

Posted 12 March 2015 - 09:07 AM

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#8 Garmad

Garmad
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 12 March 2015 - 08:23 PM

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 20:18:04
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Archan - ARCHANA
# Running from : C:\Users\Archan\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Archan\AppData\Roaming\Mozilla\Firefox\Profiles\vrxd6h7t.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

[C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************

AdwCleaner[R0].txt - [1940 bytes] - [12/03/2015 19:49:44]
AdwCleaner[R1].txt - [1861 bytes] - [12/03/2015 20:18:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1920 bytes] ##########
 



#9 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:13 AM

Posted 13 March 2015 - 08:09 AM

Hi again,

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
===================================================

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===================================================

On your next reply please post :
AdwCleaner log
JRT log



Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#10 Garmad

Garmad
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 13 March 2015 - 09:32 AM

# AdwCleaner v4.112 - Logfile created 13/03/2015 at 09:23:04
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Archan - ARCHANA
# Running from : C:\Users\Archan\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Archan\AppData\Roaming\Mozilla\Firefox\Profiles\vrxd6h7t.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 en-US)


-\\ Google Chrome v41.0.2272.89

[C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Archan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1940 bytes] - [12/03/2015 19:49:44]
AdwCleaner[R1].txt - [1999 bytes] - [12/03/2015 20:18:04]
AdwCleaner[R2].txt - [2058 bytes] - [13/03/2015 09:20:19]
AdwCleaner[S0].txt - [1843 bytes] - [13/03/2015 09:23:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1902  bytes] ##########
 

Now i am getting symantec pop up with blank threats..I dont know why blank screen comes.Let me try the second step of junkware too. Thanks !!



#11 Garmad

Garmad
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 13 March 2015 - 07:48 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 x64
Ran by Archan on Fri 03/13/2015 at 13:02:25.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Archan\AppData\Roaming\mozilla\firefox\profiles\vrxd6h7t.default\minidumps [25 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/13/2015 at 17:41:46.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 Garmad

Garmad
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 13 March 2015 - 07:50 PM

It said windows explorer has changed since I used it.

 

I disabled symantec.And after restart it said it changed from last time.I hope its all ok.

 

Thanks



#13 Garmad

Garmad
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 13 March 2015 - 09:26 PM

Now symantec pop ups became more frequent.Heres symantec log.Before shutting down  system,it said installing a windows update.That time my symantec was turned off as advised.Is it because of that ?

dwh9746.tmp Trojan.Gen.2 Pending Analysis Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected C:\ProgramData\Symantec\DefWatch.DWH\ Clean security risk Quarantine Auto-Protect scan   3/11/2015 21:42 dwh1414.exe Trojan.Gen.2 Pending Analysis Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected C:\ProgramData\Symantec\DefWatch.DWH\ Clean security risk Quarantine Auto-Protect scan   3/12/2015 19:33 dwha783.tmp Trojan.Gen.2 Pending Analysis Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected C:\ProgramData\Symantec\DefWatch.DWH\ Clean security risk Quarantine Auto-Protect scan   3/11/2015 21:42 dwh24af.tmp Trojan.Gen.2 Pending Analysis Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected C:\ProgramData\Symantec\DefWatch.DWH\ Clean security risk Quarantine Auto-Protect scan   3/12/2015 19:33 dwhbb89.exe Trojan.Gen.2 Pending Analysis Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected C:\ProgramData\Symantec\DefWatch.DWH\ Clean security risk Quarantine Auto-Protect scan   3/11/2015 21:42 dwhcf70.exe Trojan.Gen.2 Pending Analysis Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected C:\ProgramData\Symantec\DefWatch.DWH\ Clean security risk Quarantine Auto-Protect scan   3/11/2015 21:42 dwhdfad.exe Trojan.Gen.2 Pending Analysis Virus C:\ProgramData\Symantec\DefWatch.DWH\ ARCHANA SYSTEM Infected C:\ProgramData\Symantec\DefWatch.DWH\ Clean security risk Quarantine Auto-Protect scan   3/11/2015 21:42

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:13 AM

Posted 14 March 2015 - 03:10 AM

This could very well be Symantec's problem. You should probably get the latest build or you can follow the instruction to stop it.

http://www.symantec.com/business/support/index?page=content&id=TECH102953
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#15 Garmad

Garmad
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 14 March 2015 - 09:15 AM

Correct.I uninstalled symantec & installed AVG.No more pop up's.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users