Solved - Computer acting infected again

Scan result of Farbar Recovery Scan Tool (FRST) (x. Version: 2. 9- 0.
Ran by jerry (administrator) on JERRY-PC (0.
Running from C:\Users\jerry\Downloads
Loaded Profiles: jerry (Available Profiles: jerry)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X8. Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System. Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System. SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System. Ati2evxx.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.
(AVG Technologies CZ, s.) C:\Program Files\AVG\Framework\Common\avgsvcx.
(AVG Technologies CZ, s.) C:\Program Files\AVG\Av\avgwdsvcx.
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.) C:\Program Files\AVG\Av\avgui.
(AVG Technologies CZ, s.) C:\Program Files\AVG\Framework\Common\avguix.
C:\ACER\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.
C:\ComboFix\PEV.
(Farbar) C:\Users\jerry\Downloads\FRST(1).

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\..\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx. (AVG Technologies CZ, s.)
HKLM\..\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx. (AVG Technologies CZ, s.)
HKLM\..\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6. 26. (Realtek Semiconductor)
HKLM\..\Run: [Skytel] => C:\Windows\Skytel. (Realtek Semiconductor Corp.)
HKLM\..\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1. 29. 84. 56 2. (CANON INC.)
HKU\S-1-5-2. Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner. (Piriform Ltd)
HKU\S-1-5-2. Run: [Skype] => C:\Program Files\Skype\Phone\Skype. (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 1. 92.
Tcpip\..\Interfaces\{7. BAE- 3. FE6- 4. 8B6- 8. DA3- FF4. DE6. 60. F4}: [DhcpNameServer] 1. 92. 1.

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.
HKU\S-1-5-2. 1- 4. Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us. US_HomePage.
HKU\S-1-5-2. Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.
SearchScopes: HKLM -> {6. A2. 56. 8C- 7. A0. A- 4. EED- AECC- B5. DE6. 3B6. 4} URL = hxxp://www. Terms}&rls=com. Encoding}&oe={outputEncoding}&rlz=1. I7. ACAW
SearchScopes: HKU\S-1-5-1. DefaultScope {0. EE9. 3- D7. 76- 4. A0. FF- E1. 41. 6B8. B2. E3. A} URL =
SearchScopes: HKU\S-1-5-2. DefaultScope {0. EE9. 3- D7. 76- 4. A0. FF- E1. 41. 6B8. B2. E3. A} URL =
SearchScopes: HKU\S-1-5-2. DefaultScope {4. AB4. FD8- C8. 33- 4. E4- 8. 22. 6- 2. 6D2. A1. E7. EC0. 1} URL = hxxp://us. US_DefaultSearchEngine&p={searchTerms}
SearchScopes: HKU\S-1-5-2. AB4. FD8- C8. 33- 4. E4- 8. 22. 6- 2. 6D2. A1. E7. EC0. 1} URL = hxxp://us. US_DefaultSearchEngine&p={searchTerms}
Handler: ms-itss - {0. A9. 00. 7C0- 4. 07. D3- 8. 78. 9- 0. 00. F8. 10. 57. 54} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss. (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\ihec.
FF Homepage: Mozilla\Firefox\Profiles\ihec.
FF Extension: (Ebates Cash Back) - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\ihec. Extensions\{3. 5d.
FF Extension: (Adblock Plus) - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\ihec. Extensions\{d. 10d.
FF Extension: (Diagnostics) - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\ihec.
FF Extension: (Send HSTS Priming Requests) - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\ihec.
FF HKLM\..\Firefox\Extensions: [{2. C:\Windows\Microsoft.NET\Framework\v. 3. Windows Presentation Foundation\DotNetAssistantExtension.
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v. 3. Windows Presentation Foundation\DotNetAssistantExtension [2.
FF Plugin: @adobe. FlashPlayer -> C:\Windows\system. Macromed\Flash\NPSWF3.
FF Plugin: @microsoft. WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v. 3. Windows Presentation Foundation\NPWPF. (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 1. Reader\AIR\nppdf. (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent. (AVG Technologies CZ, s.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx. (AVG Technologies CZ, s.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx. (AVG Technologies CZ, s.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [6. (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [1. 10. File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc. (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ahcix. C:\Windows\System. DRIVERS\ahcix86s. (AMD Technologies Inc.)
R1 Avgdiskx; C:\Windows\System. DRIVERS\avgdiskx. (AVG Technologies CZ, s.)
R1 AVGIDSDriver; C:\Windows\System. DRIVERS\avgidsdriverx. (AVG Technologies CZ, s.)
R0 AVGIDSHX; C:\Windows\System. DRIVERS\avgidshx. (AVG Technologies CZ, s.)
R1 AVGIDSShim; C:\Windows\System. DRIVERS\avgidsshimx. (AVG Technologies CZ, s.)
R1 Avgldx86; C:\Windows\System. DRIVERS\avgldx86. (AVG Technologies CZ, s.)
R0 Avglogx; C:\Windows\System. DRIVERS\avglogx.sys [2. (AVG Technologies CZ, s.)
R0 Avgmfx86; C:\Windows\System. DRIVERS\avgmfx86. (AVG Technologies CZ, s.)
R0 Avgrkx86; C:\Windows\System. DRIVERS\avgrkx86. (AVG Technologies CZ, s.)
R1 Avgtdix; C:\Windows\System. DRIVERS\avgtdix.sys [2. (AVG Technologies CZ, s.)
R0 Avgunivx; C:\Windows\System. DRIVERS\avgunivx. (AVG Technologies CZ, s.)
S3 MBAMSwissArmy; C:\Windows\system. MBAMSwissArmy.sys [1. (Malwarebytes)
U5 AppMgmt; C:\Windows\system. (Microsoft Corporation)
U3 catchme; \??\C:\Users\jerry\AppData\Local\Temp\catchme. [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\TurboYourPC\Service. [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2. SD C:\ComboFix
R (Swearware) C:\Users\jerry\Desktop\ComboFix.exe
20. 17- 0. D C:\Qoobox
20. C:\Windows\PEV.exe
C:\Windows\MBR.exe
(NirSoft) C:\Windows\NIRCMD.
(SteelWerX) C:\Windows\SWREG.
(SteelWerX) C:\Windows\SWSC.
C:\Windows\sed.exe
C:\Windows\grep.
C:\Windows\zip.exe
SD C:\32788R22FWJFW
2. 01. 7- 0. C:\Users\jerry\Desktop\JRT.
(Malwarebytes) C:\Users\jerry\Downloads\JRT.
D C:\AdwCleaner
C:\Users\jerry\Downloads\AdwCleaner.exe
20. C:\Users\Public\Desktop\RogueKiller.lnk
20. 17- 0. D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
20. 17- 0. D C:\Program Files\RogueKiller
20. 17- 0. (Adlice Software ) C:\Users\jerry\Downloads\setup.
(Farbar) C:\Users\jerry\Downloads\FRST(1).
C:\Windows\Tasks\REGUtilities Task.
D C:\ProgramData\REGUtilities
(Tuneup System Software Pvt Ltd.) C:\Users\jerry\Downloads\REGUtilities_1. Setup.exe
20. 17- 0. (Seven Servos Software Pvt Ltd.)
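When a log like the one above comes back after several cleanup passes, the first things worth eyeballing in the Services and Drivers sections are the entries FRST marks [X] (the registry still points at a driver file that is gone, here the catchme.sys and mbr.sys leftovers from ComboFix and the WinRing0 driver from TurboYourPC), the entries marked [File not signed], and any publisher you have not vetted. The helper below is an added example, not part of the original post and not FRST's own code: it splits those two sections into entries, then reports the ones matching those three checks. The sample log is constructed to resemble the entries above (sizes, dates, file names cut off in the post, and the full "s.r.o." suffix are placeholders), and the publisher allowlist is an assumption an analyst would fill in from vendors already verified on the host.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example; not part of the original post and not FRST's own code.
It reads the Services and Drivers sections of an FRST scan, splits them
into entries and flags the ones a responder should look at first:
  * "[X]"               -> the registry entry points at a file that no longer exists
  * "[File not signed]" -> the binary carries no Authenticode signature
  * a publisher outside an allowlist the analyst maintains (an assumption here)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
STATE_RE = re.compile(r"^[RSU]\d$")  # FRST start codes: R=running, S=stopped, U=unknown
PUBLISHER_RE = re.compile(r"\(([^()]+)\)\s*(?:\[[^\]]*\]\s*)*$")
TRIAGED_SECTIONS = ("Services (Whitelisted)", "Drivers (Whitelisted)")


@dataclass
class Entry:
    section: str
    state: str
    name: str
    path: str
    publisher: Optional[str]
    unsigned: bool
    missing: bool


def split_entry(section: str, line: str) -> Optional[Entry]:
    """Parse one 'R2 name; path [size date] (Publisher) [flags]' line, else None."""
    head, sep, rest = line.partition(";")
    if not sep:
        return None
    parts = head.split(None, 1)
    if len(parts) != 2 or not STATE_RE.match(parts[0]):
        return None
    state, name = parts
    rest = rest.strip()
    # The path ends at the first " [" (size/date or [X]); a " (Publisher)" may follow.
    # Searching for " [" first keeps "(x86)" inside "Program Files (x86)" out of the publisher.
    cut = rest.find(" [")
    if cut == -1:
        cut = rest.rfind(" (")
    path = rest if cut == -1 else rest[:cut]
    tail = rest[len(path):]
    pub = PUBLISHER_RE.search(tail)
    return Entry(
        section=section,
        state=state,
        name=name.strip(),
        path=path,
        publisher=pub.group(1).strip() if pub else None,
        unsigned="[File not signed]" in tail,
        missing="[X]" in tail,
    )


def parse_frst(text: str) -> List[Entry]:
    """Walk the log, tracking FRST's '==== Section ====' headers."""
    section = None
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section in TRIAGED_SECTIONS:
            entry = split_entry(section, line)
            if entry:
                entries.append(entry)
    return entries


def triage(entries: List[Entry], known_publishers) -> Dict[str, List[str]]:
    """Map entry name -> reasons it deserves a look; clean entries are omitted."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("file missing on disk (orphaned registry entry)")
        if e.unsigned:
            reasons.append("file not signed")
        if e.publisher is None and not e.missing:
            reasons.append("no publisher recorded")
        elif e.publisher and e.publisher not in known_publishers:
            reasons.append(f"publisher not in allowlist: {e.publisher}")
        if reasons:
            findings[e.name] = reasons
    return findings


# Constructed sample modelled on the log above; sizes, dates and cut-off names are placeholders.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1000000 2017-01-01] (AVG Technologies CZ, s.r.o.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2009-01-01] (Hewlett-Packard Company) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1000000 2009-01-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200000 2017-01-01] (AVG Technologies CZ, s.r.o.)
U3 catchme; \??\C:\Users\jerry\AppData\Local\Temp\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\TurboYourPC\Service\WinRing0.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
"""

# Allowlist is an assumption for the example; build it from vendors you have verified.
KNOWN_PUBLISHERS = {"Microsoft Corporation", "AVG Technologies CZ, s.r.o."}

if __name__ == "__main__":
    for name, reasons in triage(parse_frst(SAMPLE_LOG), KNOWN_PUBLISHERS).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The [X] hits are the ones to clear first: a registry service entry whose driver file is gone cannot run, but it keeps showing up in every scan and is the usual reason a machine "looks infected again" after ComboFix or similar tools have been removed by hand. Unsigned vendor services such as the LightScribe and Acer ones in the log are not malicious by themselves, but they are the entries that need a hash or vendor check before being trusted.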