hwhamburg
  1. Find the ComboFix log at the end of this post. As far as how the computer is doing now: Much better. I am able to start in normal mode without any strange processes and can access the internet and use Google Chrome as normal. The computer is a bit start to load, but nothing crazy. I will post the log just in case you see anything abnormal.
  2. Thanks for the quick response! Just as a side note, I am running these programs in safe mode with networking due to my lack of working internet software in regular mode. Here are the logs requested, in order: Security Check, AdwCleaner, RogueKiller. Thanks again!
  3. Hello anyone. Computer was recently infected with Magnipic.exe. Can't start internet browsers or anti-malware programs in normal mode. Ran Malwarebytes quick scan as per instructions, which found nothing. Find attached the two requested dds logs. Thanks so much for your help! dds.txt, attach.txt