Reply to thread

Message: <blockquote data-quote="ashash" data-source="post: 116973" data-attributes="member: 7542">Hi,Thanks a lot for reply ... Below is the content of FRST.txt file. Please help me to remove virus.FRST.txt---------Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013 (ATTENTION: FRST version is 6 days old)Ran by Sanchit at 17-04-2013 13:41:23Running from E:\  Service Pack 1 (X64) OS Language: English(US) Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.==================== One Month Created Files and Folders ========2013-04-17 13:41 - 2013-04-17 13:41 - 00000000 ____D C:\FRST2013-04-10 14:01 - 2013-04-10 14:01 - 00000000 ____D C:\Windows\pss2013-04-09 21:50 - 2013-04-14 10:33 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk2013-04-09 21:50 - 2013-04-09 21:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys2013-04-09 21:50 - 2013-04-09 21:50 - 00000000 ____D C:\Program Files\HitmanPro2013-04-09 21:49 - 2013-04-09 21:49 - 00000000 ____D C:\ProgramData\HitmanPro2013-04-09 21:11 - 2013-04-09 21:11 - 00000000 __SHD C:\found.0012013-04-09 20:41 - 2013-04-09 20:42 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe2013-04-09 10:40 - 2013-04-09 10:40 - 00006768 ____N C:\bootsqm.dat2013-04-09 10:37 - 2013-04-09 10:37 - 00000000 __SHD C:\found.0002013-04-09 08:03 - 2013-04-09 08:03 - 00000000 ____D C:\ProgramData\ltmrj2013-04-09 00:45 - 2013-04-09 00:45 - 00141080 ____A (Hilgraeve, Inc.) C:\Users\Sanchit\Desktop\jfgb.tmp2013-04-03 19:16 - 2013-04-08 09:29 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Riom2013-04-03 19:16 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Saqivu2013-04-03 19:16 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Essybe2013-04-03 14:19 - 2013-04-03 14:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log2013-03-31 10:33 - 2013-03-31 10:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}2013-03-30 15:57 - 2013-03-30 15:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}2013-03-29 11:47 - 2013-03-30 02:10 - 00000000 ____D C:\Users\Sanchit\.android2013-03-26 22:24 - 2013-03-26 22:24 - 00000000 ____D C:\Users\Public\Juniper Networks2013-03-26 22:24 - 2012-05-05 03:17 - 00590472 ____A (Juniper Networks) C:\Windows\System32\dsNcSmartCardProv.dll2013-03-26 22:24 - 2012-05-05 03:17 - 00422024 ____A (Juniper Networks) C:\Windows\System32\dsNcCredProv.dll2013-03-26 21:29 - 2013-03-26 21:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp2013-03-26 21:25 - 2013-03-26 21:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar2013-03-26 21:25 - 2013-03-26 19:11 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk2013-03-26 21:23 - 2013-03-26 21:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar2013-03-26 01:09 - 2013-03-26 01:09 - 00000018 ____A C:\pending.un2013-03-26 01:09 - 2012-05-05 03:27 - 00099152 ____A (Juniper Networks) C:\Windows\System32\Drivers\NEOFLTR_719_20893.SYS2013-03-23 00:27 - 2013-03-23 00:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls2013-03-20 22:48 - 2013-02-12 06:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys2013-03-20 22:28 - 2013-03-20 22:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt2013-03-20 13:08 - 2013-03-20 13:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google2013-03-19 18:42 - 2013-03-19 18:42 - 00262144 ____A C:\Windows\Minidump\031913-30123-01.dmp2013-03-19 18:41 - 2013-03-26 21:29 - 572101397 ____A C:\Windows\MEMORY.DMP2013-03-19 00:07 - 2013-03-19 00:07 - 08151705 ____A C:\Users\Sanchit\Downloads\com.goldron.bbfree-1.0.apk==================== One Month Modified Files and Folders =======2013-04-17 10:32 - 2011-06-12 13:52 - 00000000 ____D C:\ProgramData\Sonic2013-04-14 10:34 - 2009-07-14 06:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-04-14 10:34 - 2009-07-14 06:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-04-14 10:33 - 2013-04-09 21:50 - 00001823 ____A C:\Users\Public\Desktop\HitmanPro.lnk2013-04-14 10:22 - 2013-04-10 14:01 - 00000000 ____D C:\Windows\pss2013-04-10 14:57 - 2012-08-24 23:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-04-10 14:57 - 2011-06-17 21:15 - 00000000 ____D C:\Program Files (x86)\Giraffic2013-04-10 14:57 - 2011-06-12 14:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup2013-04-10 14:56 - 2013-01-19 15:43 - 00007284 ____A C:\Windows\setupact.log2013-04-10 14:56 - 2011-06-18 13:48 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-04-10 14:56 - 2011-06-12 14:13 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks2013-04-10 14:56 - 2011-06-12 14:13 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks2013-04-10 14:56 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-04-10 14:51 - 2011-06-12 13:27 - 01171389 ____A C:\Windows\WindowsUpdate.log2013-04-10 14:19 - 2009-07-14 07:13 - 00006732 ____A C:\Windows\System32\PerfStringBackup.INI2013-04-09 21:50 - 2013-04-09 21:50 - 00032152 ____A C:\Windows\System32\Drivers\hitmanpro37.sys2013-04-09 21:50 - 2013-04-09 21:50 - 00000000 ____D C:\Program Files\HitmanPro2013-04-09 21:49 - 2013-04-09 21:49 - 00000000 ____D C:\ProgramData\HitmanPro2013-04-09 21:11 - 2013-04-09 21:11 - 00000000 __SHD C:\found.0012013-04-09 20:42 - 2013-04-09 20:41 - 09741664 ____A (SurfRight B.V.) C:\Users\Sanchit\Downloads\HitmanPro_x64.exe2013-04-09 19:28 - 2011-11-19 20:25 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job2013-04-09 19:28 - 2011-06-18 13:48 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-04-09 19:28 - 2011-06-15 20:07 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000UA.job2013-04-09 10:40 - 2013-04-09 10:40 - 00006768 ____N C:\bootsqm.dat2013-04-09 10:37 - 2013-04-09 10:37 - 00000000 __SHD C:\found.0002013-04-09 08:08 - 2011-11-19 20:25 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job2013-04-09 08:03 - 2013-04-09 08:03 - 00000000 ____D C:\ProgramData\ltmrj2013-04-09 08:01 - 2011-06-18 13:47 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Skype2013-04-09 00:45 - 2013-04-09 00:45 - 00141080 ____A (Hilgraeve, Inc.) C:\Users\Sanchit\Desktop\jfgb.tmp2013-04-09 00:45 - 2011-06-15 13:01 - 00000000 ____D C:\users\Sanchit2013-04-08 23:31 - 2011-06-15 20:07 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092152589-3654524724-1465183675-1000Core.job2013-04-08 17:32 - 2011-06-15 14:17 - 00022016 ____A C:\Users\Sanchit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-04-08 09:29 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Riom2013-04-07 08:22 - 2012-07-10 22:54 - 00000000 ___RD C:\Program Files (x86)\Skype2013-04-07 08:22 - 2011-06-12 13:57 - 00000000 ____D C:\ProgramData\Skype2013-04-03 19:16 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Saqivu2013-04-03 19:16 - 2013-04-03 19:16 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Essybe2013-04-03 14:19 - 2013-04-03 14:19 - 00012737 ____A C:\Users\Sanchit\Desktop\hs_err_pid12100.log2013-04-02 23:21 - 2011-08-05 19:39 - 00000000 ____D C:\Sandeep2013-04-02 14:31 - 2011-06-15 19:25 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Mozilla2013-03-31 15:32 - 2011-11-06 18:34 - 00002384 ____A C:\Users\Sanchit\Desktop\Google Chrome.lnk2013-03-31 10:33 - 2013-03-31 10:33 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{56247787-5527-4C84-AFF1-526BFB67A65B}2013-03-30 15:57 - 2013-03-30 15:57 - 00000000 ____D C:\Users\Sanchit\AppData\Local\{FD858EF5-6B23-403E-A310-157FA49C236D}2013-03-30 02:10 - 2013-03-29 11:47 - 00000000 ____D C:\Users\Sanchit\.android2013-03-30 01:14 - 2011-11-17 01:20 - 00000000 ____D C:\Users\Sanchit\workspace2013-03-29 01:07 - 2012-08-24 23:23 - 00000000 ____D C:\Users\Sanchit\Documents\Software2013-03-28 17:25 - 2011-10-26 23:00 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Windows Live2013-03-26 22:24 - 2013-03-26 22:24 - 00000000 ____D C:\Users\Public\Juniper Networks2013-03-26 22:24 - 2011-11-20 14:22 - 00000000 ____D C:\Program Files (x86)\Juniper Networks2013-03-26 22:24 - 2011-11-20 14:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Juniper Networks2013-03-26 21:29 - 2013-03-26 21:29 - 00262144 ____A C:\Windows\Minidump\032613-30997-01.dmp2013-03-26 21:29 - 2013-03-19 18:41 - 572101397 ____A C:\Windows\MEMORY.DMP2013-03-26 21:29 - 2011-09-15 02:41 - 00000000 ____D C:\Windows\Minidump2013-03-26 21:25 - 2013-03-26 21:25 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit (1).rar2013-03-26 21:23 - 2013-03-26 21:23 - 00200531 ____A C:\Users\Sanchit\Downloads\Sanchit.rar2013-03-26 19:11 - 2013-03-26 21:25 - 00205247 ____A C:\Users\Sanchit\Downloads\Sanchit.apk2013-03-26 01:09 - 2013-03-26 01:09 - 00000018 ____A C:\pending.un2013-03-23 00:27 - 2013-03-23 00:27 - 01633280 ____A C:\Users\Sanchit\Downloads\NGIN SNEC40 Multidomain ATP for TDE(For TMS import)V0.3.xls2013-03-20 22:28 - 2013-03-20 22:28 - 00000096 ____A C:\Users\Sanchit\Downloads\Menu.txt2013-03-20 13:08 - 2013-03-20 13:08 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\Google2013-03-20 13:08 - 2011-06-15 20:07 - 00000000 ____D C:\Users\Sanchit\AppData\Local\Google2013-03-20 00:59 - 2011-11-21 22:21 - 00000000 ____D C:\Users\Sanchit\AppData\Roaming\vlc2013-03-19 18:42 - 2013-03-19 18:42 - 00262144 ____A C:\Windows\Minidump\031913-30123-01.dmp2013-03-19 00:07 - 2013-03-19 00:07 - 08151705 ____A C:\Users\Sanchit\Downloads\com.goldron.bbfree-1.0.apkZeroAccess:C:\$Recycle.Bin\S-1-5-21-2092152589-3654524724-1465183675-1000\$3b99f81f31d5dbab1bcf87d0107a285aZeroAccess:C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== Restore Points  ============================================= Memory info =========================== Percentage of memory in use: 11%Total physical RAM: 4003.18 MBAvailable physical RAM: 3535.78 MBTotal Pagefile: 8004.54 MBAvailable Pagefile: 7546.76 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.88 MB==================== Partitions =============================1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:45.04 GB) NTFS3 Drive e: () (Removable) (Total:29.8 GB) (Free:12.95 GB) FAT32See the System Event Log for more information.============================== MBR Partition Table ==================Last Boot: 2013-04-04 08:46==================== End Of Log =============================</blockquote>

Verification

Top