Windows Media Center virus everywhere


Followed your instructions and created an FRST.txt file.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by SYSTEM on MININT-UK8AO5V on 02-07-2015 23:53:00
Running from H:\
Platform: Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [233472 2009-07-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5074384 2012-12-20] (ESET)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
Startup: C:\Users\HCL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-08-22]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ASLDRService; C:\Program Files\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
S2 Change Modem Device Service; C:\ProgramData\ChgService.exe [114688 2013-01-20] ()
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1333424 2012-12-20] (ESET)
S2 GFNEXSrv; C:\Program Files\PHotkey\GFNEXSrv.exe [133640 2009-12-18] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [25600 2009-07-24] (Alcor Micro, Corp.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-10-22] (QUALCOMM Incorporated)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2012-12-20] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2012-12-20] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2012-12-20] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2012-12-20] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2012-12-20] (ESET)
S2 PEGAGFN; C:\Program Files\PHotkey\PEGAGFN.sys [13320 2009-09-11] (PEGATRON)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-02 23:52 - 2015-07-02 23:53 - 00000000 ____D C:\FRST
2015-07-02 09:49 - 2015-07-02 09:49 - 00001152 _____ C:\Users\HCL\Desktop\RegCure Pro.lnk
2015-07-02 09:49 - 2015-07-02 09:49 - 00000000 ____D C:\Users\HCL\AppData\Roaming\ParetoLogic
2015-07-02 09:49 - 2015-07-02 09:49 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-07-02 09:49 - 2015-07-02 09:49 - 00000000 ____D C:\Program Files\ParetoLogic
2015-07-02 09:49 - 2015-07-02 09:49 - 00000000 ____D C:\Program Files\Common Files\ParetoLogic
2015-07-02 09:24 - 2015-07-02 09:24 - 00000000 ____D C:\Windows\System32\appmgmt
2015-07-02 08:26 - 2015-07-02 08:29 - 00000000 ____D C:\Users\Anita\Desktop\7.WLAN
2015-07-02 08:23 - 2015-07-02 08:23 - 00000000 ____D C:\Users\Anita\AppData\Roaming\DivX
2015-06-30 09:24 - 2015-06-30 09:24 - 00000000 ____D C:\Users\HCL\AppData\Roaming\Intel
2015-06-30 09:24 - 2015-06-30 09:24 - 00000000 ____D C:\Users\Anita\AppData\Roaming\Intel
2015-06-30 09:23 - 2015-06-30 09:23 - 00000000 ____D C:\ProgramData\Intel
2015-06-30 09:23 - 2015-06-30 09:23 - 00000000 ____D C:\Program Files\Cisco
2015-06-30 09:22 - 2015-06-30 09:22 - 00000000 ____D C:\Users\Anita\Desktop\HCLWLANWin73264
2015-06-30 06:09 - 2015-06-30 06:09 - 00000000 ____D C:\Users\Anita\Documents\Bluetooth Exchange Folder
2015-06-30 06:09 - 2015-06-30 06:09 - 00000000 ____D C:\Users\Anita\AppData\Local\Broadcom
2015-06-30 05:48 - 2015-07-02 08:18 - 00109984 _____ C:\Users\Anita\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-30 05:47 - 2015-06-30 05:47 - 00000000 ____D C:\Users\Anita\AppData\Roaming\ESET
2015-06-30 05:47 - 2015-06-30 05:47 - 00000000 ____D C:\Users\Anita\AppData\Local\ESET
2015-06-30 05:46 - 2015-07-02 08:18 - 00000000 ____D C:\users\Anita
2015-06-30 05:46 - 2015-06-30 05:46 - 00000020 ___SH C:\Users\Anita\ntuser.ini
2015-06-30 05:46 - 2015-06-30 05:46 - 00000000 ____D C:\Users\Anita\AppData\Local\VirtualStore
2015-06-02 01:16 - 2015-06-02 01:16 - 00000000 ____D C:\Users\deepak\AppData\Local\Adobe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-02 09:46 - 2009-07-13 20:34 - 00010208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 09:46 - 2009-07-13 20:34 - 00010208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 09:41 - 2014-07-04 23:36 - 00049984 _____ C:\Windows\PFRO.log
2015-07-02 09:41 - 2009-07-13 20:39 - 00077481 _____ C:\Windows\setupact.log
2015-07-02 09:23 - 2014-12-03 09:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-30 23:12 - 2015-05-23 02:33 - 00000000 ____D C:\users\deepak
2015-06-30 23:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2015-06-30 23:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2015-06-30 09:43 - 2014-07-02 04:47 - 00000000 ____D C:\users\HCL
2015-06-30 08:40 - 2014-07-02 04:50 - 00713888 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-30 06:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2015-06-30 01:14 - 2015-05-27 03:06 - 00000000 ____D C:\Users\deepak\AppData\Local\Google
2015-06-28 23:36 - 2014-07-02 05:19 - 00000000 ____D C:\Users\HCL\AppData\Local\Google
2015-06-27 10:19 - 2015-05-23 02:33 - 00000000 ____D C:\Users\deepak\AppData\Local\VirtualStore
2015-06-26 08:00 - 2014-07-02 17:11 - 00058701 _____ C:\Windows\WindowsUpdate.log
2015-06-02 01:16 - 2015-05-29 06:04 - 00000000 ____D C:\Users\deepak\AppData\Roaming\Adobe
 
Files to move or delete:
====================
C:\ProgramData\ChgService.exe
 
 
Some files in TEMP:
====================
C:\Users\deepak\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\HCL\AppData\Local\Temp\GURF028.exe
C:\Users\HCL\AppData\Local\Temp\InstHelper.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-06-30 09:23:12
 
==================== Memory info =========================== 
 
Percentage of memory in use: 20%
Total physical RAM: 1909.12 MB
Available physical RAM: 1508.51 MB
Total Virtual: 1909.12 MB
Available Virtual: 1514.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:68.26 GB) (Free:46.88 GB) NTFS
Drive e: () (Fixed) (Total:112.54 GB) (Free:100.24 GB) NTFS
Drive f: (Deepak  Kadian) (Fixed) (Total:117.19 GB) (Free:98.05 GB) NTFS
Drive h: (SANDISK) (Removable) (Total:3.72 GB) (Free:3.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 92978655)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.7 GB) (Disk ID: FDC01076)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
 
 
LastRegBack: 2015-03-08 01:53
 
==================== End of log ============================FRST.txt

 


Hello and welcome, Amit:

 

It appears that your post may have been inadvertently overlooked. :(

We are not permitted to review scan logs or work on possible malware-related issues here in this section of the forum.
Such work is conducted in a special forum area reserved for that purpose, or at the help desk.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.

>>As you have already run FRST, after reading the pinned topic, you just need to ATTACH those same FRST logs to a new, separate post in the malware removal section of the forum.
A malware analyst will assist you with looking into your issue.

Thanks,
