Trojan.Necurs.A Virus


This topic is locked
2 replies to this topic

#1 cj12101

  • Members
  • 1 posts

Posted 17 September 2012 - 10:01 PM

Hello,
I believe I have a Trojan.Necurs.A virus. I've attached my FRST64 log. I'm running Windows 7 Home Premium.
Thanks for your help,
CJ12101

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2012
Ran by SYSTEM at 17-09-2012 19:40:13
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe" [1628944 2011-12-23] (InternetSafety.com, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3039352 2012-08-29] (AVG Technologies CZ, s.r.o.)
HKU\pc\...\Run: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" [1847808 2011-12-01] (Livedrive Internet Ltd)
HKU\pc\...\Run: [Google Update] "C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-17] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1286392 2012-08-20] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5751928 2012-08-20] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [184304 2012-08-20] (AVG Technologies CZ, s.r.o.)
2 LivedriveVSSService; "C:\Program Files (x86)\Livedrive\VSSService.exe" [212832 2011-12-01] ()
2 seUpdateSvc; C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [294160 2011-12-23] (InternetSafety.com, Inc.)

==================== Drivers (Whitelisted) =====================

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [150880 2012-08-13] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [60768 2012-08-09] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [175968 2012-08-09] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [230240 2012-08-09] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [105312 2012-08-10] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40288 2012-08-10] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [199520 2012-08-10] (AVG Technologies CZ, s.r.o.)
1 CbFs; C:\Windows\System32\Drivers\CbFs.sys [191960 2010-02-16] (EldoS Corporation)
0 ed683da69375aa1; C:\Windows\System32\Drivers\ed683da69375aa1.sys [84928 2012-07-13] () ATTENTION =====> Rootkit?
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-07] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-07] (Symantec Corporation)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
2 TMAgent; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-17 18:28 - 2012-09-17 18:28 - 04983144 ____A (SpeedyPC Software) C:\Users\pc\Downloads\SpeedyPC Pro Installer (1).exe
2012-09-17 18:27 - 2012-09-17 18:27 - 04983144 ____A (SpeedyPC Software) C:\Users\pc\Downloads\SpeedyPC Pro Installer.exe
2012-09-17 18:27 - 2012-09-17 18:27 - 00001205 ____A C:\Users\pc\Downloads\FixNCR.reg
2012-09-17 18:10 - 2012-09-17 18:14 - 00000000 ____D C:\FRST
2012-09-17 18:10 - 2012-09-17 18:10 - 00017058 ____A C:\FRST.txt
2012-09-17 18:09 - 2012-09-17 18:07 - 01454285 ____A (Farbar) C:\FRST64.exe
2012-09-17 16:27 - 2012-08-21 01:13 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-09-17 16:26 - 2012-09-17 16:26 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-09-17 16:26 - 2012-09-17 16:26 - 00000000 ____D C:\Program Files\AVAST Software
2012-09-17 16:24 - 2012-09-17 16:25 - 93654616 ____A C:\Users\pc\Downloads\avast_free_antivirus_setup.exe
2012-09-17 15:50 - 2012-09-17 15:50 - 00000000 ____D C:\Users\pc\AppData\Roaming\AVG2013
2012-09-17 15:49 - 2012-09-17 15:49 - 00000000 ___HD C:\$AVG
2012-09-17 15:45 - 2012-09-17 15:45 - 04411392 ____A (AVG Technologies) C:\Users\pc\Downloads\avg_free_stb_all_2013_2667_cnet (1).exe
2012-09-17 15:43 - 2012-09-17 15:43 - 00000000 ____D C:\Users\pc\AppData\Local\Avg2013
2012-09-17 15:34 - 2012-09-17 16:17 - 00000280 ____A C:\Windows\setupact.log
2012-09-17 15:34 - 2012-09-17 15:51 - 00018036 ____A C:\Windows\PFRO.log
2012-09-17 15:34 - 2012-09-17 15:34 - 00000000 ____A C:\Windows\setuperr.log
2012-09-17 14:55 - 2012-09-17 14:59 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2012
2012-09-17 14:55 - 2012-09-17 14:55 - 00001085 ____A C:\Users\Public\Desktop\Advanced Fix 2012.lnk
2012-09-17 14:54 - 2012-09-17 14:54 - 06648264 ____A (Advanced Fix, Inc. ) C:\Users\pc\Downloads\PCMAX_AF_ErrorsFix_Setup.exe
2012-09-17 14:39 - 2012-09-17 15:51 - 00000000 ____D C:\Program Files\Trend Micro
2012-09-17 14:39 - 2012-09-17 15:36 - 00000059 ____A C:\Windows\System32\SupportTool.exe.bat
2012-09-17 14:39 - 2012-09-17 15:35 - 00000000 ____D C:\Users\All Users\Trend Micro
2012-09-17 14:37 - 2012-09-17 14:37 - 00000036 ____A C:\Users\pc\AppData\Local\housecall.guid.cache
2012-09-17 14:29 - 2012-09-17 15:50 - 00000000 ____D C:\Users\All Users\AVG2013
2012-09-17 14:29 - 2012-09-17 14:29 - 00000000 ____D C:\Users\pc\AppData\Roaming\TuneUp Software
2012-09-17 14:28 - 2012-09-17 14:28 - 00000000 ____D C:\Program Files (x86)\AVG
2012-09-17 14:23 - 2012-09-17 18:27 - 00000000 ____D C:\Users\All Users\MFAData
2012-09-17 14:23 - 2012-09-17 14:23 - 04411392 ____A (AVG Technologies) C:\Users\pc\Downloads\avg_free_stb_all_2013_2667_cnet.exe
2012-09-17 14:23 - 2012-09-17 14:23 - 00000000 ____D C:\Users\pc\AppData\Local\MFAData
2012-09-17 14:22 - 2012-09-17 15:35 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-09-17 14:22 - 2012-09-17 14:22 - 06160792 ____A (Trend Micro Inc.) C:\Users\pc\Downloads\TrendMicro_TAV_US-en_SIA.exe
2012-09-17 14:15 - 2012-09-17 16:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596717661-2410607434-2741301684-1001UA.job
2012-09-17 14:15 - 2012-09-17 14:20 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596717661-2410607434-2741301684-1001Core.job
2012-09-17 13:59 - 2012-09-17 13:59 - 00000000 ____D C:\Users\pc\AppData\Roaming\Business Logic
2012-09-17 13:58 - 2012-09-17 13:58 - 04436088 ____A (Business Logic Corporation ) C:\Users\pc\Downloads\WinCleanerOneClick1MonthSetup.exe
2012-09-17 13:58 - 2012-09-17 13:58 - 00000000 ____D C:\Program Files (x86)\Business Logic Corporation
2012-09-16 10:02 - 2012-09-16 10:02 - 00000391 ____A C:\Users\pc\Downloads\search (17)
2012-09-15 21:20 - 2012-09-15 21:20 - 00001371 ____A C:\Users\pc\Downloads\s (19)
2012-09-13 22:24 - 2012-09-13 22:27 - 00000000 ____D C:\Users\pc\Desktop\GoPro-Carter
2012-09-10 23:06 - 2012-09-10 23:06 - 00318902 ____A C:\Users\pc\Downloads\HTML Exam.zip
2012-09-10 21:29 - 2012-09-10 21:29 - 00002084 ____A C:\Users\pc\Downloads\Attachments_2012_09_10.zip
2012-09-03 12:52 - 2012-09-03 12:52 - 00214432 ____A C:\Users\pc\Downloads\Attachments_2012_09_3.zip
2012-08-30 19:56 - 2012-08-30 19:56 - 01740001 ____A C:\Users\pc\Downloads\HowaRealManTakesoffhisUnderwear1.wmv
2012-08-27 16:46 - 2012-09-06 10:24 - 00000000 ____D C:\Users\pc\Desktop\Nancy
2012-08-24 17:23 - 2012-08-28 15:01 - 00269312 ____A C:\Users\pc\Desktop\Exhibit 2 - Information for Expert WitnessUpdated8-24-12.xls
2012-08-19 11:29 - 2012-08-19 11:29 - 00068131 ____A C:\Users\pc\Downloads\Attachments_2012_08_19.zip


==================== 3 Months Modified Files ==================

2012-09-17 18:31 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-17 18:28 - 2012-09-17 18:28 - 04983144 ____A (SpeedyPC Software) C:\Users\pc\Downloads\SpeedyPC Pro Installer (2).exe
2012-09-17 18:28 - 2012-09-17 18:28 - 04983144 ____A (SpeedyPC Software) C:\Users\pc\Downloads\SpeedyPC Pro Installer (1).exe
2012-09-17 18:27 - 2012-09-17 18:27 - 04983144 ____A (SpeedyPC Software) C:\Users\pc\Downloads\SpeedyPC Pro Installer.exe
2012-09-17 18:27 - 2012-09-17 18:27 - 00001205 ____A C:\Users\pc\Downloads\FixNCR.reg
2012-09-17 18:10 - 2012-09-17 18:10 - 00017058 ____A C:\FRST.txt
2012-09-17 18:07 - 2012-09-17 18:09 - 01454285 ____A (Farbar) C:\FRST64.exe
2012-09-17 16:25 - 2012-09-17 16:24 - 93654616 ____A C:\Users\pc\Downloads\avast_free_antivirus_setup.exe
2012-09-17 16:25 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-17 16:25 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-17 16:20 - 2012-09-17 14:15 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596717661-2410607434-2741301684-1001UA.job
2012-09-17 16:18 - 2012-02-27 11:53 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-17 16:17 - 2012-09-17 15:34 - 00000280 ____A C:\Windows\setupact.log
2012-09-17 16:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-17 16:04 - 2011-11-26 18:57 - 01378539 ____A C:\Windows\WindowsUpdate.log
2012-09-17 16:03 - 2012-02-27 11:53 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-17 15:51 - 2012-09-17 15:34 - 00018036 ____A C:\Windows\PFRO.log
2012-09-17 15:45 - 2012-09-17 15:45 - 04411392 ____A (AVG Technologies) C:\Users\pc\Downloads\avg_free_stb_all_2013_2667_cnet (1).exe
2012-09-17 15:36 - 2012-09-17 14:39 - 00000059 ____A C:\Windows\System32\SupportTool.exe.bat
2012-09-17 15:34 - 2012-09-17 15:34 - 00000000 ____A C:\Windows\setuperr.log
2012-09-17 14:55 - 2012-09-17 14:55 - 00001085 ____A C:\Users\Public\Desktop\Advanced Fix 2012.lnk
2012-09-17 14:54 - 2012-09-17 14:54 - 06648264 ____A (Advanced Fix, Inc. ) C:\Users\pc\Downloads\PCMAX_AF_ErrorsFix_Setup.exe
2012-09-17 14:37 - 2012-09-17 14:37 - 00000036 ____A C:\Users\pc\AppData\Local\housecall.guid.cache
2012-09-17 14:35 - 2009-07-13 20:45 - 00276240 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-17 14:23 - 2012-09-17 14:23 - 04411392 ____A (AVG Technologies) C:\Users\pc\Downloads\avg_free_stb_all_2013_2667_cnet.exe
2012-09-17 14:22 - 2012-09-17 14:22 - 06160792 ____A (Trend Micro Inc.) C:\Users\pc\Downloads\TrendMicro_TAV_US-en_SIA.exe
2012-09-17 14:20 - 2012-09-17 14:15 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596717661-2410607434-2741301684-1001Core.job
2012-09-17 14:15 - 2011-11-29 18:40 - 00058352 ____A C:\Users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-17 13:58 - 2012-09-17 13:58 - 04436088 ____A (Business Logic Corporation ) C:\Users\pc\Downloads\WinCleanerOneClick1MonthSetup.exe
2012-09-16 10:02 - 2012-09-16 10:02 - 00000391 ____A C:\Users\pc\Downloads\search (17)
2012-09-15 21:20 - 2012-09-15 21:20 - 00001371 ____A C:\Users\pc\Downloads\s (19)
2012-09-10 23:06 - 2012-09-10 23:06 - 00318902 ____A C:\Users\pc\Downloads\HTML Exam.zip
2012-09-10 21:29 - 2012-09-10 21:29 - 00002084 ____A C:\Users\pc\Downloads\Attachments_2012_09_10.zip
2012-09-03 12:52 - 2012-09-03 12:52 - 00214432 ____A C:\Users\pc\Downloads\Attachments_2012_09_3.zip
2012-08-30 19:56 - 2012-08-30 19:56 - 01740001 ____A C:\Users\pc\Downloads\HowaRealManTakesoffhisUnderwear1.wmv
2012-08-28 15:01 - 2012-08-24 17:23 - 00269312 ____A C:\Users\pc\Desktop\Exhibit 2 - Information for Expert WitnessUpdated8-24-12.xls
2012-08-21 01:13 - 2012-09-17 16:27 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-19 11:29 - 2012-08-19 11:29 - 00068131 ____A C:\Users\pc\Downloads\Attachments_2012_08_19.zip
2012-08-13 15:40 - 2012-08-13 15:40 - 00150880 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-08-10 03:52 - 2012-08-10 03:52 - 00199520 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-10 03:52 - 2012-08-10 03:52 - 00105312 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-08-10 03:52 - 2012-08-10 03:52 - 00040288 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-08-09 12:56 - 2012-08-09 12:56 - 00230240 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
2012-08-09 12:56 - 2012-08-09 12:56 - 00175968 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-08-09 12:56 - 2012-08-09 12:56 - 00060768 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-08-08 21:48 - 2012-08-08 21:48 - 00739026 ____A C:\Users\pc\Downloads\Unconfirmed 64441.crdownload
2012-08-05 15:22 - 2012-08-05 15:22 - 00068131 ____A C:\Users\pc\Downloads\Attachments_2012_08_5.zip
2012-07-13 12:24 - 2012-07-13 12:24 - 00084928 ____A C:\Windows\System32\Drivers\ed683da69375aa1.sys
2012-07-12 23:24 - 2012-07-12 23:24 - 00101376 ____A C:\Users\pc\Downloads\2012DoublePumpBoysTournamentSchedule.xls
2012-07-12 12:56 - 2012-07-12 12:56 - 00000127 ____A C:\Windows\System32\MRT.INI
2012-07-12 12:53 - 2010-01-15 08:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 10:34 - 2012-07-10 10:34 - 00030846 ____A C:\Users\pc\Downloads\Attachments_2012_07_10.zip
2012-07-09 00:02 - 2012-07-09 00:03 - 00020952 ____A C:\Users\pc\gia8fll9i7.exe
2012-07-08 12:30 - 2012-07-08 12:27 - 112917971 ____A C:\Users\pc\Downloads\Joel_Salatin_Real_Food_Defined.m4v
2012-07-02 06:14 - 2012-07-02 06:14 - 00001164 ____A C:\Users\pc\Downloads\s (18)
2012-06-30 10:29 - 2012-06-30 10:29 - 00001158 ____A C:\Users\pc\Downloads\s (17)
2012-06-30 01:41 - 2012-06-30 01:41 - 32719084 ____A C:\Users\pc\Downloads\Inflammation Webinar (1).mp4
2012-06-30 01:25 - 2012-06-30 01:23 - 81099227 ____A C:\Users\pc\Downloads\Emotional-Anatomy (3).wmv
2012-06-30 01:04 - 2012-06-30 01:04 - 00001186 ____A C:\Users\pc\Downloads\s (16)
2012-06-30 00:36 - 2012-06-30 00:36 - 09873328 ____A (http://yourfiledownloader.com) C:\Users\pc\Downloads\Weston_A_Price_Foundation_-_Thyroid_Adrenal_and_Lymes_2010_downloader_396a.exe
2012-06-30 00:08 - 2012-06-30 00:07 - 81099227 ____A C:\Users\pc\Downloads\Emotional-Anatomy (2).wmv
2012-06-29 23:55 - 2012-06-29 23:53 - 81099227 ____A C:\Users\pc\Downloads\Emotional-Anatomy (1).wmv
2012-06-29 23:53 - 2012-06-29 23:51 - 81099227 ____A C:\Users\pc\Downloads\Emotional-Anatomy.wmv
2012-06-29 21:51 - 2012-06-29 21:50 - 57828201 ____A C:\Users\pc\Downloads\HealingGems.wmv
2012-06-29 19:55 - 2012-06-29 19:51 - 349813065 ____A C:\Users\pc\Downloads\Digestion-20120207 2124-1 (4).wmv
2012-06-29 19:50 - 2012-06-29 19:49 - 46240828 ____A C:\Users\pc\Downloads\Thyroid Webinar 3_8_2012 (2).mp4
2012-06-29 19:22 - 2012-06-29 19:18 - 245637189 ____A C:\Users\pc\Downloads\Determining Longevity-20120410 2236-1 (4).wmv
2012-06-29 17:29 - 2012-06-29 17:25 - 245637189 ____A C:\Users\pc\Downloads\Determining Longevity-20120410 2236-1 (3).wmv
2012-06-29 17:26 - 2012-06-29 17:25 - 46240828 ____A C:\Users\pc\Downloads\Thyroid Webinar 3_8_2012 (1).mp4
2012-06-28 11:36 - 2012-06-28 11:34 - 245637189 ____A C:\Users\pc\Downloads\Determining Longevity-20120410 2236-1 (2).wmv
2012-06-28 11:28 - 2012-06-28 11:27 - 62982065 ____A C:\Users\pc\Downloads\2011-10-06 12.21 The Role of Food Allergy in Clinical Practice (1).wmv
2012-06-28 10:44 - 2012-06-28 10:44 - 00154247 ____A C:\Users\pc\Downloads\s (15)
2012-06-27 21:06 - 2012-06-27 21:06 - 04064512 ____A C:\Users\pc\Downloads\unbelievable.wmv
2012-06-26 17:16 - 2012-06-26 17:15 - 00000507 ____A C:\Users\pc\Downloads\GPSTracker.jad
2012-06-26 08:24 - 2012-06-26 08:24 - 00010400 ____A C:\Users\pc\Desktop\Chart of Payments.xlsx
2012-06-25 14:09 - 2012-06-25 14:09 - 01234768 ____A (Microsoft Corporation.) C:\Users\pc\Downloads\Setup (9).exe
2012-06-25 14:09 - 2012-06-25 14:09 - 01234768 ____A (Microsoft Corporation.) C:\Users\pc\Downloads\Setup (10).exe
2012-06-25 14:00 - 2012-06-25 14:00 - 01234768 ____A (Microsoft Corporation.) C:\Users\pc\Downloads\Setup (8).exe
2012-06-25 13:55 - 2012-06-25 13:55 - 01234768 ____A (Microsoft Corporation.) C:\Users\pc\Downloads\Setup (7).exe
2012-06-25 13:54 - 2012-06-25 13:54 - 01234768 ____A (Microsoft Corporation.) C:\Users\pc\Downloads\Setup (6).exe
2012-06-24 20:31 - 2012-06-24 20:30 - 11071055 ____A C:\Users\pc\Downloads\setupscreenhunter.zip
2012-06-23 19:16 - 2012-06-23 19:16 - 00222233 ____A C:\Users\pc\Downloads\jsal (1)
2012-06-23 16:43 - 2012-06-23 16:42 - 46240828 ____A C:\Users\pc\Downloads\Thyroid Webinar 3_8_2012.mp4
2012-06-23 16:43 - 2012-06-23 16:42 - 32719084 ____A C:\Users\pc\Downloads\Inflammation Webinar.mp4
2012-06-22 16:26 - 2012-06-13 18:12 - 00047411 ____A C:\Users\pc\Desktop\Appraisal Chart.xlsx
2012-06-21 15:23 - 2012-06-21 15:23 - 00348212 ____A C:\Users\pc\Downloads\Attachments_2012_06_21.zip
2012-06-21 08:32 - 2012-06-21 08:30 - 245637189 ____A C:\Users\pc\Downloads\Determining Longevity-20120410 2236-1 (1).wmv
2012-06-21 06:37 - 2012-06-21 06:34 - 245637189 ____A C:\Users\pc\Downloads\Determining Longevity-20120410 2236-1.wmv
2012-06-20 19:20 - 2012-06-20 19:15 - 349813065 ____A C:\Users\pc\Downloads\Digestion-20120207 2124-1 (3).wmv
2012-06-20 19:08 - 2012-06-20 19:03 - 349813065 ____A C:\Users\pc\Downloads\Digestion-20120207 2124-1 (2).wmv

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-03 13:57:30
Restore point made on: 2012-09-10 20:47:59
Restore point made on: 2012-09-11 08:20:56
Restore point made on: 2012-09-17 11:58:20
Restore point made on: 2012-09-17 14:28:17
Restore point made on: 2012-09-17 14:28:45
Restore point made on: 2012-09-17 16:26:31

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3892.52 MB
Available physical RAM: 3097.11 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3091.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:403.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:14.91 GB) (Free:14.82 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Removable 14 GB Healthy

=========================================================

Last Boot: 2012-09-17 11:54

==================== End Of Log =============================

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 September 2012 - 07:11 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
0 ed683da69375aa1; C:\Windows\System32\Drivers\ed683da69375aa1.sys [84928 2012-07-13] () ATTENTION =====> Rootkit?
C:\Windows\System32\Drivers\ed683da69375aa1.sys
2012-07-09 00:02 - 2012-07-09 00:03 - 00020952 ____A C:\Users\pc\gia8fll9i7.exe
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.



NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
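As an added example that is not part of this thread and not code from FRST or its author: the two items CatByte put in the fixlist (the publisher-less driver with a hex-looking name that FRST itself marked "ATTENTION =====> Rootkit?", the random-named .exe sitting directly in the user's profile root) and the test-signing warning are exactly the patterns a helper scans an FRST log for. The Python script below applies those heuristics to log lines. The rule names, the "looks random" threshold and the regular expressions are my own assumptions, not anything FRST defines; the sample input is a constructed set of lines copied from the log above, with known-good AVG and Windows entries kept in as controls.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Driver/service line as FRST prints it in the "Drivers (Whitelisted)" and
# "Services (Whitelisted)" sections:
#   <start type> <name>; <path> [<size> <date>] (<publisher>) [optional FRST remark]
DRIVER_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>\S.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)"
)
# File line from the "Created Files" / "Modified Files" sections:
#   <modified> - <created> - <size> <attrs> [(<publisher>) ]<path>
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
# An .exe placed directly in a user's profile root rather than in a subfolder.
USER_ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
# A kernel driver file under a Drivers directory.
SYS_FILE_RE = re.compile(r"\\Drivers\\[^\\]+\.sys$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str


def stem_of(path: str) -> str:
    """Return the file name without its directory and last extension."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption, not an FRST rule): 8+ alphanumerics that mix
    letters with at least three digits, as in ed683da69375aa1 or gia8fll9i7."""
    return (
        len(stem) >= 8
        and re.fullmatch(r"[A-Za-z0-9]+", stem) is not None
        and any(c.isalpha() for c in stem)
        and sum(c.isdigit() for c in stem) >= 3
    )


def analyze(lines):
    """Walk FRST log lines and return the entries a reviewer would look at first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("testsigning:"):
            # Test-signing mode lets unsigned kernel drivers load on x64 Windows.
            findings.append(Finding("testsigning-enabled", line))
            continue
        m = DRIVER_RE.match(line)
        if m:
            path = m["path"]
            if "ATTENTION" in line:
                # Surface FRST's own remark regardless of our heuristics.
                findings.append(Finding("frst-attention", path))
            if not m["publisher"].strip() and looks_random(stem_of(path)):
                findings.append(Finding("unsigned-random-driver", path))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            unsigned = not (m["publisher"] or "").strip()
            if unsigned and looks_random(stem_of(path)):
                if USER_ROOT_EXE_RE.match(path):
                    findings.append(Finding("random-exe-in-profile-root", path))
                elif SYS_FILE_RE.search(path):
                    findings.append(Finding("random-sys-file", path))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample: lines copied from the log in this thread, with
# known-good AVG and Windows entries kept in as controls.
SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) =====================
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [105312 2012-08-10] (AVG Technologies CZ, s.r.o.)
0 ed683da69375aa1; C:\Windows\System32\Drivers\ed683da69375aa1.sys [84928 2012-07-13] () ATTENTION =====> Rootkit?
2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [212832 2011-12-01] ()
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
2012-09-17 14:54 - 2012-09-17 14:54 - 06648264 ____A (Advanced Fix, Inc. ) C:\Users\pc\Downloads\PCMAX_AF_ErrorsFix_Setup.exe
2012-09-17 16:25 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-13 12:24 - 2012-07-13 12:24 - 00084928 ____A C:\Windows\System32\Drivers\ed683da69375aa1.sys
2012-07-09 00:02 - 2012-07-09 00:03 - 00020952 ____A C:\Users\pc\gia8fll9i7.exe
2012-08-13 15:40 - 2012-08-13 15:40 - 00150880 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.splitlines()):
        print(f"{f.rule:28} {f.path}")
```

Run against the sample, the script reports the publisher-less driver twice (once for FRST's own remark, once for the name heuristic), the test-signing line, the same .sys file again from the modified-files listing, and the profile-root .exe, while the signed AVG driver, the publisher-less but normally named Livedrive service and the hyphenated Windows licensing file stay quiet. The hits are starting points for a helper to verify (hash lookup, second-opinion scan), not verdicts, which is why the script only flags and never acts.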


#3 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 27 September 2012 - 08:06 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
