
Inactive-A Combofix log/virus?

Discussion in 'Malware and Virus Removal Archive' started by iandrew j, 2015/05/21.

Thread Status:
Not open for further replies.
  1. 2015/05/27
    iandrew j

    iandrew j Inactive Thread Starter

    Joined:
    2015/05/21
    Messages:
    17
    Likes Received:
    0
    Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015
    Ran by AJ at 2015-05-27 20:05:50 Run:1
    Running from C:\Users\AJ\Desktop
    Loaded Profiles: AJ & (Available Profiles: Andrew & AJ)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3125523586-3299264989-3205645881-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
    S1 hejcxfna; No ImagePath
    S1 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
    S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
    S1 Avgldx64; system32\DRIVERS\avgldx64.sys [X]
    S0 Avgloga; system32\DRIVERS\avgloga.sys [X]
    S0 Avgmfx64; system32\DRIVERS\avgmfx64.sys [X]
    S0 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
    U3 BcmSqlStartupSvc; No ImagePath
    U3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U2 IviRegMgr; No ImagePath
    U2 RichVideo; No ImagePath
    U3 SQLWriter; No ImagePath
    2015-05-24 22:15 - 2015-05-25 01:09 - 0186101 _____ () C:\Users\AJ\AppData\Local\ars.cache
    2015-05-24 22:15 - 2015-05-25 01:09 - 0880386 _____ () C:\Users\AJ\AppData\Local\census.cache
    2015-01-02 23:37 - 2015-01-25 07:55 - 0006656 _____ () C:\Users\AJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-24 21:29 - 2015-05-24 21:29 - 0000036 _____ () C:\Users\AJ\AppData\Local\housecall.guid.cache
    2015-05-24 21:36 - 2015-05-24 22:16 - 0000010 _____ () C:\Users\AJ\AppData\Local\sponge.last.runtime.cache
    2012-02-14 19:52 - 2011-02-18 10:11 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
    2012-02-14 19:52 - 2011-02-13 16:32 - 0000235 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2015-02-08 04:02 - 2015-02-08 04:02 - 0017780 _____ () C:\ProgramData\SMRResults430.dat
    C:\ProgramData\SMRResults430.dat
    C:\Users\Andrew\jagex_runescape_preferences.dat
    C:\Users\Andrew\jagex_runescape_preferences2.dat
    C:\Windows\Tasks\{E03502AF-5957-00E3-B84F-1EE5374BE79E}.job
    C:\Windows\System32\seetla.dll
    DeleteKey: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BA8B8ADA-084F-4F79-A0CA-6E58A0808794} "
    Task: {3BC21448-998E-40A6-90F1-CF158B07861F} - \RealPlayer Cloud (32-bit) No Task File <==== ATTENTION
    Task: {86F5C42D-34C2-4E5E-8453-9EEEAFA18BAE} - \Updater19962.exe No Task File <==== ATTENTION


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    "HKU\S-1-5-21-3125523586-3299264989-3205645881-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key Removed successfully
    hejcxfna => Service Removed successfully
    AVGIDSDriver => Service Removed successfully
    AVGIDSHA => Service Removed successfully
    Avgldx64 => Service Removed successfully
    Avgloga => Service Removed successfully
    Avgmfx64 => Service Removed successfully
    Avgrkx64 => Service Removed successfully
    BcmSqlStartupSvc => Service Removed successfully
    catchme => Service Removed successfully
    IviRegMgr => Service Removed successfully
    RichVideo => Service Removed successfully
    SQLWriter => Service Removed successfully
    C:\Users\AJ\AppData\Local\ars.cache => Moved successfully.
    C:\Users\AJ\AppData\Local\census.cache => Moved successfully.
    C:\Users\AJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\AJ\AppData\Local\housecall.guid.cache => Moved successfully.
    C:\Users\AJ\AppData\Local\sponge.last.runtime.cache => Moved successfully.
    C:\ProgramData\ezsidmv.dat => Moved successfully.
    C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => Moved successfully.
    C:\ProgramData\SMRResults430.dat => Moved successfully.
    "C:\ProgramData\SMRResults430.dat" => File/Folder not found.
    C:\Users\Andrew\jagex_runescape_preferences.dat => Moved successfully.
    C:\Users\Andrew\jagex_runescape_preferences2.dat => Moved successfully.
    C:\Windows\Tasks\{E03502AF-5957-00E3-B84F-1EE5374BE79E}.job => Moved successfully.
    C:\Windows\System32\seetla.dll => Moved successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BA8B8ADA-084F-4F79-A0CA-6E58A0808794} => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BC21448-998E-40A6-90F1-CF158B07861F}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BC21448-998E-40A6-90F1-CF158B07861F}" => key Removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayer Cloud (32-bit) => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86F5C42D-34C2-4E5E-8453-9EEEAFA18BAE}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F5C42D-34C2-4E5E-8453-9EEEAFA18BAE}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater19962.exe" => key Removed successfully

    ==== End of Fixlog 20:05:52 ====
     
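The fixlog above removed three kinds of remnant that FRST flags: services and drivers whose registry entry has no ImagePath (or one that points at a file that no longer exists, the `[X]` entries), TaskCache entries with no backing task file (`No Task File`), and Internet Explorer policy keys under HKLM and the user hive. The script below is an added example and is not part of the original thread nor of FRST; it re-runs those three checks read-only so a reader can verify a cleanup or spot the same pattern on another machine. It assumes only the standard Windows registry and file-system locations and must be run from an elevated PowerShell prompt, because `TaskCache\Tasks` and `System32\Tasks` are not readable by a standard user (Test-Path would then report every task as missing).

```powershell
# Added example (not from the thread or from FRST): read-only re-check of the
# persistence remnants the fixlog removed. Run elevated; nothing is deleted.

$ServicesRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$TaskCacheRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
$TaskFileDir   = Join-Path $env:SystemRoot 'System32\Tasks'
$LegacyJobDir  = Join-Path $env:SystemRoot 'Tasks'      # old-style *.job files

# Turn a raw ImagePath value into the file it names: expand %SystemRoot%, map the
# kernel-style \??\ and \SystemRoot\ prefixes (e.g. \??\C:\ComboFix\catchme.sys),
# drop quotes and arguments, and root driver-style relative paths such as
# system32\DRIVERS\avgidsdrivera.sys against %SystemRoot%.
function Resolve-ImagePathFile {
    param([string]$ImagePath)
    $s = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $s = $s -replace '^\\\?\?\\', ''
    $s = $s -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $s = $s.Trim('"')
    if ($s -match '^(?<file>.*?\.(sys|exe|dll))') { $s = $Matches['file'] }
    if (-not [IO.Path]::IsPathRooted($s)) { $s = Join-Path $env:SystemRoot $s }
    return $s
}

# Services/drivers with no ImagePath value, or an ImagePath whose file is gone.
# Only keys that carry a Type value are considered, so per-service parameter
# subkeys and other non-service entries are skipped.
function Get-ServiceImagePathIssues {
    Get-ChildItem -Path $ServicesRoot | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or -not $props.PSObject.Properties['Type']) { return }
        if (-not $props.PSObject.Properties['ImagePath']) {
            [pscustomobject]@{ Service = $_.PSChildName; Issue = 'No ImagePath'; File = $null }
            return
        }
        $file = Resolve-ImagePathFile $props.ImagePath
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            [pscustomobject]@{ Service = $_.PSChildName; Issue = 'ImagePath file missing'; File = $file }
        }
    }
}

# TaskCache\Tasks\{GUID} entries whose Path value (e.g. \Updater19962.exe) has no
# matching file under System32\Tasks. The Task Scheduler still knows the task but
# can no longer read its definition; FRST reports these as "No Task File".
function Get-OrphanedTaskCacheEntries {
    Get-ChildItem -Path $TaskCacheRoot | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.Path) { return }
        $file = Join-Path $TaskFileDir $props.Path.TrimStart('\')
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            [pscustomobject]@{ TaskId = $_.PSChildName; TaskPath = $props.Path; Issue = 'No Task File' }
        }
    }
}

# Internet Explorer policy keys in HKLM and in every loaded user hive (SIDs under
# HKEY_USERS). Every value under the key is listed; on a home PC that is not
# domain-managed, a populated key is what FRST marks "Policy restriction".
function Get-IePolicyValues {
    $hives = @('HKLM:\SOFTWARE') + (Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notmatch '_Classes$' } |
        ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\SOFTWARE" })
    foreach ($hive in $hives) {
        $key = "$hive\Policies\Microsoft\Internet Explorer"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $keys = @(Get-Item -LiteralPath $key) + @(Get-ChildItem -LiteralPath $key -Recurse)
        foreach ($k in $keys) {
            if ($k.ValueCount -eq 0) {
                [pscustomobject]@{ Key = $k.Name; Value = '(key present, no values)'; Data = $null }
            }
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.Name; Value = $name; Data = $k.GetValue($name) }
            }
        }
    }
}

# Run all checks; each prints only what it found.
Get-ServiceImagePathIssues   | Format-Table -AutoSize
Get-OrphanedTaskCacheEntries | Format-Table -AutoSize
Get-IePolicyValues           | Format-Table -AutoSize
Get-ChildItem -Path $LegacyJobDir -Filter '*.job' -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime | Format-Table -AutoSize
```

The output is a triage list, not a verdict: a service with no ImagePath is produced just as readily by an uninstaller that left its registry key behind as by malware, and a `.job` or TaskCache orphan can be the residue of a removed updater. A randomly named entry such as `hejcxfna` in the fixlist above is the kind that deserves the closer look; the AVG driver entries are what an incomplete antivirus uninstall leaves. Check the name, the file it pointed to and what else references it before removing anything, and remove with a tool that logs what it did, as the fixlog here does.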
  2. 2015/05/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     


  4. 2015/05/28
    iandrew j

    iandrew j Inactive Thread Starter

    Joined:
    2015/05/21
    Messages:
    17
    Likes Received:
    0
    Results of screen317's Security Check version 1.002
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 45
    Adobe Flash Player 11.7.700.224 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 33.0.2 Firefox out of Date!
    Google Chrome (41.0.2272.118)
    Google Chrome (42.0.2311.90)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  5. 2015/05/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still waiting for other logs.
     
  6. 2015/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  7. 2015/06/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     