OS: Windows 8.1 Pro
Internet: Jio through dongle

Of late, I am getting redirected to the site https://ruvi.tv/x.html

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2020
Ran by my pc (administrator) on RANGA (Hewlett-Packard PPPPP-CCC#MMMMMMMM) (28-11-2020 15:31:22)
Running from C:\Users\my pc\Desktop
Loaded Profiles: my pc
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <33>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(IObit) [File not signed] C:\Program Files (x86)\MachinerData\aiWisCopy.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\MountPoints2: {63b78721-85b8-11e9-8e3c-78e3b5ab55d6} - "E:\.\ShowModem.exe"
HKU\S-1-5-21-2010342076-676048620-2654598280-1001\...\MountPoints2: {ca920bc9-33c1-11e8-8b8f-78e3b5ab55d6} - "E:\Lenovo_Suite.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\Installer\chrmstp.exe [2020-11-18] (Google LLC -> Google LLC)
Startup: C:\Users\my pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-09-14]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BB53701-065E-4CEF-8DC1-671D63006821} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-11] (Google Inc -> Google Inc.)
Task: {2E053ABF-261F-4251-828C-F1717A0F0755} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {4242DAC1-A04B-41BA-95BF-3C10781E7A01} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {48833B88-D685-43B7-A352-2D7BA1B4585F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-11] (Google Inc -> Google Inc.)
Task: {96F7BC8C-A88A-42BF-B5A4-10809965D634} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_pepper.exe [1498680 2020-11-11] (Adobe Inc. -> Adobe)
Task: {9BE51400-ED32-4120-A7E2-F217E8A96C84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-11] (Adobe Inc. -> Adobe)
Task: {A2AE379E-54C3-4973-B43C-DEF263465762} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {A31609EB-BA9D-4823-A843-A5C29784D6DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{0F26F040-DF17-476B-8B0A-6354F6C93001}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{67CFFC19-0A2E-4829-BD2B-D694FB23E661}: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{8249B71D-B392-47D0-AE85-E29481D9A5F4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{C83C1377-4D3F-4519-ADA8-8AAB5F50E2C0}: [DhcpNameServer] 192.168.225.1 192.168.225.1

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [k7srff_enUS@k7computing.com] - C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SR\K7WebProtection.xpi => not found
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default [2020-11-28]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://google.com/"
CHR Extension: (Docs) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-11]
CHR Extension: (Google Drive) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-11]
CHR Extension: (Adobe Acrobat) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Skip Redirect) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaoafjdoijdconemdmodhbfpianehlon [2020-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\my pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-18]
CHR Profile: C:\Users\my pc\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-20]
CHR HKU\S-1-5-21-2010342076-676048620-2654598280-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-2010342076-676048620-2654598280-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-11] (Adobe Inc. -> Adobe)
R2 Main Service; C:\Program Files (x86)\MachinerData\aiWisCopy.exe [2502656 2020-11-25] (IObit) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation -> Microsoft Corporation)
S2 AnyDesk; "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service [X]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2013-06-18] (Microsoft Windows -> Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-30] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Windows -> Microsoft Corporation)
S3 MpKslf2c0ebb5; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75EDB686-453C-4F74-A5F2-631715D2897D}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-28 15:31 - 2020-11-28 15:32 - 000011030 _____ C:\Users\my pc\Desktop\FRST.txt
2020-11-28 15:30 - 2020-11-28 15:32 - 000000000 ____D C:\FRST
2020-11-28 15:27 - 2020-11-28 15:28 - 002290176 _____ (Farbar) C:\Users\my pc\Desktop\FRST64.exe
2020-11-25 18:28 - 2020-11-25 18:31 - 347373576 _____ (Emsisoft Ltd. ) C:\Users\my pc\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2020-11-25 17:13 - 2020-11-25 17:13 - 000000000 ____D C:\Users\my pc\AppData\Local\Pipeer
2020-11-25 17:12 - 2020-11-25 17:13 - 000000000 ____D C:\Program Files (x86)\MachinerData
2020-11-25 17:12 - 2014-04-03 20:22 - 000645592 _____ C:\Windows\SysWOW64\sqlite3.dll
2020-11-25 17:12 - 2005-04-27 12:40 - 000002570 _____ C:\Windows\WINDVDBOOTRECDOE.sys
2020-11-25 17:11 - 2020-11-25 17:19 - 000000000 ____D C:\Program Files (x86)\VirtualDVI
2020-11-24 16:34 - 2020-11-24 16:34 - 000001354 _____ C:\Users\my pc\Desktop\VID-20200628-WA0004.lnk
2020-11-24 16:34 - 2020-11-24 16:34 - 000001332 _____ C:\Users\my pc\Downloads\VID-20200628-WA0004.lnk
2020-11-24 16:31 - 2020-11-24 16:31 - 008282380 _____ C:\Users\my pc\Downloads\VID-20200628-WA0004.mp4
2020-11-17 11:49 - 2020-11-17 11:49 - 000244410 _____ C:\Users\my pc\Downloads\CMVOLT_10112020.CSV
2020-11-17 11:03 - 2020-11-17 11:03 - 000243388 _____ C:\Users\my pc\Downloads\CMVOLT_14112020.CSV
2020-11-17 08:57 - 2020-11-17 08:57 - 000001070 _____ C:\Users\my pc\Desktop\Follow-Fibonacci-ratio-dynamic-approach-in-trade.lnk
2020-11-13 14:57 - 2020-11-13 14:57 - 005289700 _____ C:\Users\my pc\Downloads\VID-20201112-WA0003.mp4
2020-11-12 11:54 - 2020-11-12 11:54 - 011720050 _____ C:\Users\my pc\Downloads\DAC Rayar Kudil_compressed - Copy.pdf
2020-10-31 11:23 - 2020-10-31 11:23 - 010378893 _____ C:\Users\my pc\Downloads\EBrochure.pdf
2020-10-31 11:17 - 2020-10-31 11:17 - 000029696 _____ C:\Users\my pc\Downloads\The Bloomingdale Cost sheet.xls

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-28 15:26 - 2015-09-13 02:15 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2010342076-676048620-2654598280-1001
2020-11-28 11:35 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-27 17:08 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\NDF
2020-11-25 19:07 - 2017-12-08 17:46 - 000000000 ____D C:\Users\my pc\AppData\Local\CrashDumps
2020-11-25 14:40 - 2015-09-13 02:09 - 000000000 ____D C:\Users\my pc
2020-11-25 14:40 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-11-25 09:20 - 2017-04-11 09:13 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-24 11:23 - 2020-01-07 11:08 - 000018432 _____ C:\Users\my pc\Desktop\Fibo retrace1 (1).xls
2020-11-18 09:21 - 2018-01-11 19:16 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-12 09:09 - 2015-11-21 18:29 - 000000000 ____D C:\Users\my pc\AppData\Local\ElevatedDiagnostics
2020-11-11 10:21 - 2018-01-11 19:32 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-11-11 10:21 - 2018-01-11 19:32 - 000004324 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-11-11 10:21 - 2013-08-22 21:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-11-11 10:21 - 2013-08-22 21:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-11-11 10:21 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-11-11 10:21 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2020-11-05 19:34 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf

==================== Files in the root of some directories ========

2016-10-11 19:02 - 2016-10-11 19:02 - 000007609 _____ () C:\Users\my pc\AppData\Local\Resmon.ResmonCfg
2016-10-06 20:13 - 2016-10-06 20:13 - 000000000 _____ () C:\Users\my pc\AppData\Local\{F2E70E13-5AC6-4D9F-9E10-3CD44B0850E1}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-11-24 08:58
==================== End of FRST.txt ========================