Bigd993
Members-
Posts
9 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Bigd993
-
isearch.whitesmoke virus need help
Bigd993 replied to Bigd993's topic in Resolved Malware Removal Logs
Ok thanks for clarifying that. I have no more questions. And again thank you for your help .- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with:
-
isearch.whitesmoke virus need help
Bigd993 replied to Bigd993's topic in Resolved Malware Removal Logs
Thank you for all your help ! Now I have one more question, is there a way for me to check to make sure that isearch.whitesmoke is completely gone from my system?- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with:
-
isearch.whitesmoke virus need help
Bigd993 replied to Bigd993's topic in Resolved Malware Removal Logs
I see no signs of whitesmoke on IE or Chrome so far. After doing the OTL fix these are the logs: ========== OTL ========== HKU\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKU\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! OTL by OldTimer - Version 3.2.31.0 log created on 02142012_184056 As for the ESET Scan it said there were no threats and there was no option for me to List Threats or to Export the logs.- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with:
-
isearch.whitesmoke virus need help
Bigd993 replied to Bigd993's topic in Resolved Malware Removal Logs
Extra.txt OTL Extras logfile created on: 2/13/2012 6:10:50 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.58 Gb Available Physical Memory | 82.40% Memory free 15.97 Gb Paging File | 14.47 Gb Available in Paging File | 90.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 346.35 Gb Free Space | 74.38% Space Free | Partition Type: NTFS Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java 6 Update 30 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.4.0.1 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 "{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Battlelog Web Plugins" = Battlelog Web Plugins "ESN Sonar-0.70.4" = ESN Sonar "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "ManiaPlanet_is1" = ManiaPlanet "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "SpeedFan" = SpeedFan (remove only) "Steam App 105600" = Terraria "Steam App 201190" = Magic: The Gathering – Tactics "Steam App 24200" = DC Universe Online "Steam App 400" = Portal "Steam App 40800" = Super Meat Boy "Steam App 440" = Team Fortress 2 "Steam App 570" = Dota 2 "Steam App 630" = Alien Swarm "Steam App 65800" = Dungeon Defenders "Steam App 90530" = Rise of Immortals "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2/9/2012 7:35:43 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 2/10/2012 8:23:13 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 2/11/2012 8:03:19 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 2/11/2012 8:13:07 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 2/11/2012 8:18:18 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 2/12/2012 7:11:33 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 2/12/2012 7:27:28 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 2/12/2012 7:32:10 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = Error - 2/12/2012 10:05:15 PM | Computer Name = Nick-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 2/13/2012 7:03:28 PM | Computer Name = Nick-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2/11/2012 8:01:55 PM | Computer Name = Nick-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 2/11/2012 8:09:07 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2/11/2012 8:10:21 PM | Computer Name = Nick-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 2/11/2012 8:10:36 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2/11/2012 8:11:22 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 2/12/2012 7:20:38 PM | Computer Name = Nick-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1741.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 2/12/2012 7:23:42 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2/12/2012 7:25:00 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2/12/2012 7:25:43 PM | Computer Name = Nick-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 2/13/2012 7:02:07 PM | Computer Name = Nick-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 < End of report >- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with:
-
isearch.whitesmoke virus need help
Bigd993 replied to Bigd993's topic in Resolved Malware Removal Logs
OTL.txt OTL logfile created on: 2/13/2012 6:10:50 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.58 Gb Available Physical Memory | 82.40% Memory free 15.97 Gb Paging File | 14.47 Gb Available in Paging File | 90.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 346.35 Gb Free Space | 74.38% Space Free | Partition Type: NTFS Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/13 18:09:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe PRC - [2012/02/10 19:21:53 | 000,481,064 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/01/08 01:32:01 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/01/08 00:27:25 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ========== Modules (No Company Name) ========== MOD - [2012/02/10 19:21:52 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/02/10 19:21:52 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll MOD - [2012/02/10 19:21:52 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/02/10 19:21:52 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll MOD - [2012/02/10 19:21:52 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll MOD - [2012/01/27 03:49:31 | 000,429,040 | ---- | M] () -- C:\Users\Nick\AppData\Local\Google\Chrome\Application\17.0.963.46\ppgooglenaclpluginchrome.dll MOD - [2012/01/27 03:49:29 | 003,772,912 | ---- | M] () -- C:\Users\Nick\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll MOD - [2012/01/27 03:48:06 | 000,122,880 | ---- | M] () -- C:\Users\Nick\AppData\Local\Google\Chrome\Application\17.0.963.46\avutil-51.dll MOD - [2012/01/27 03:48:05 | 000,222,208 | ---- | M] () -- C:\Users\Nick\AppData\Local\Google\Chrome\Application\17.0.963.46\avformat-53.dll MOD - [2012/01/27 03:48:03 | 001,746,944 | ---- | M] () -- C:\Users\Nick\AppData\Local\Google\Chrome\Application\17.0.963.46\avcodec-53.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/02/10 19:21:53 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/08 01:32:01 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/08/23 08:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/08/17 05:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011/08/17 05:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/13 22:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) DRV:64bit: - [2010/12/13 22:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) DRV:64bit: - [2010/12/13 22:54:12 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2010/12/13 22:54:12 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2) DRV:64bit: - [2010/12/13 22:54:12 | 000,024,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011/03/18 11:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 B6 7D 29 DE CC CC 01 [binary data] IE - HKU\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 IE - HKU\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 IE - HKU\S-1-5-21-50768725-1865399903-385665525-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-50768725-1865399903-385665525-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2012/01/25 20:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/01/08 20:32:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nick\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nick\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nick\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\Nick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google Search = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Gmail = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/02/12 18:25:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKU\S-1-5-21-50768725-1865399903-385665525-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-50768725-1865399903-385665525-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-50768725-1865399903-385665525-1001..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-50768725-1865399903-385665525-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-50768725-1865399903-385665525-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-50768725-1865399903-385665525-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-50768725-1865399903-385665525-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O15 - HKU\S-1-5-21-50768725-1865399903-385665525-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-50768725-1865399903-385665525-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-50768725-1865399903-385665525-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-50768725-1865399903-385665525-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B440EB5C-0B0A-4B9D-8E19-E83BF698D7C1}: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/13 18:09:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe [2012/02/12 18:31:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/02/12 18:28:39 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/02/12 02:56:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012/02/11 22:15:14 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\BigHugeEngine [2012/02/11 19:04:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/02/11 19:04:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/02/11 19:04:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/02/11 19:04:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/02/11 19:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/02/08 16:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/08 16:44:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/02/08 16:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/02/08 16:38:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Malwarebytes [2012/02/08 16:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/02/03 19:05:47 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\SCE [2012/01/31 01:36:04 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/01/31 01:36:03 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012/01/31 01:36:03 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012/01/31 01:36:03 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012/01/31 01:36:03 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012/01/31 01:36:03 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012/01/25 20:57:17 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/01/23 02:47:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Skype [2012/01/23 02:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/01/23 02:47:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/01/23 02:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012/01/21 22:35:59 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\DolbyAxon [2012/01/21 22:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon [2012/01/21 22:35:54 | 002,262,960 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v13.0.0.ocx [2012/01/21 22:35:54 | 000,571,312 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.SkinFramework.Unicode.v13.0.0.ocx [2012/01/21 22:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DolbyAxon [2012/01/15 18:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble [2012/01/15 18:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/13 18:09:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Desktop\OTL.exe [2012/02/13 18:08:51 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/13 18:08:51 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/13 18:08:36 | 000,782,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/13 18:08:36 | 000,662,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/13 18:08:36 | 000,121,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/13 18:01:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/13 18:01:36 | 2134,302,719 | -HS- | M] () -- C:\hiberfil.sys [2012/02/13 02:20:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-50768725-1865399903-385665525-1000UA.job [2012/02/12 18:25:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/02/12 18:18:48 | 000,013,328 | ---- | M] () -- C:\Users\Nick\Desktop\ComboFix - Shortcut.lnk [2012/02/08 21:21:57 | 000,002,387 | ---- | M] () -- C:\Users\Nick\Desktop\Google Chrome.lnk [2012/02/08 17:20:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-50768725-1865399903-385665525-1000Core.job [2012/02/08 16:44:42 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/05 21:35:16 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012/02/05 21:35:16 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/02/05 21:31:01 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012/02/05 19:55:32 | 000,000,198 | ---- | M] () -- C:\Users\Nick\Desktop\Rise of Immortals.url [2012/02/05 18:35:40 | 000,000,219 | ---- | M] () -- C:\Users\Nick\Desktop\Alien Swarm.url [2012/02/05 18:25:37 | 000,000,221 | ---- | M] () -- C:\Users\Nick\Desktop\DC Universe Online.url [2012/02/03 18:02:57 | 000,000,222 | ---- | M] () -- C:\Users\Nick\Desktop\Magic The Gathering Tactics.url [2012/01/27 00:41:05 | 000,000,219 | ---- | M] () -- C:\Users\Nick\Desktop\Dota 2.url [2012/01/23 02:47:53 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/01/21 22:35:55 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\Dolby Axon.lnk [2012/01/18 18:34:11 | 000,000,221 | ---- | M] () -- C:\Users\Nick\Desktop\Dungeon Defenders.url [2012/01/15 18:09:11 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/12 18:18:48 | 000,013,328 | ---- | C] () -- C:\Users\Nick\Desktop\ComboFix - Shortcut.lnk [2012/02/11 19:04:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/02/11 19:04:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/02/11 19:04:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/02/11 19:04:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/02/11 19:04:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/02/08 16:44:42 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/05 19:55:32 | 000,000,198 | ---- | C] () -- C:\Users\Nick\Desktop\Rise of Immortals.url [2012/02/05 18:35:40 | 000,000,219 | ---- | C] () -- C:\Users\Nick\Desktop\Alien Swarm.url [2012/02/05 18:25:37 | 000,000,221 | ---- | C] () -- C:\Users\Nick\Desktop\DC Universe Online.url [2012/02/03 18:02:56 | 000,000,222 | ---- | C] () -- C:\Users\Nick\Desktop\Magic The Gathering Tactics.url [2012/01/27 00:41:05 | 000,000,219 | ---- | C] () -- C:\Users\Nick\Desktop\Dota 2.url [2012/01/25 20:57:18 | 000,002,387 | ---- | C] () -- C:\Users\Nick\Desktop\Google Chrome.lnk [2012/01/23 02:47:53 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/01/21 22:35:55 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Dolby Axon.lnk [2012/01/18 18:34:11 | 000,000,221 | ---- | C] () -- C:\Users\Nick\Desktop\Dungeon Defenders.url [2012/01/15 18:09:11 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk [2012/01/08 00:48:03 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/01/08 00:48:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/01/06 20:48:49 | 000,775,586 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report >- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with:
-
isearch.whitesmoke virus need help
Bigd993 replied to Bigd993's topic in Resolved Malware Removal Logs
So far I don't see whitesmoke on my browsers, but in the most recent logs after dragging the script onto the combofix it still shows isearch.whitesmoke in the logs. ComboFix 12-02-11.03 - Nick 02/12/2012 18:19:57.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6825 [GMT -5:00] Running from: c:\users\Nick\Downloads\ComboFix.exe Command switches used :: c:\users\Nick\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))) . . 2012-02-12 23:24 . 2012-02-12 23:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-02-12 23:24 . 2012-02-12 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-12 07:56 . 2012-02-12 07:56 -------- d--h--w- c:\windows\msdownld.tmp 2012-02-12 03:15 . 2012-02-12 03:15 -------- d-----w- c:\users\Nick\AppData\Roaming\BigHugeEngine 2012-02-12 00:19 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8DAE0D9-C37B-458E-9BCC-18B5EC49616E}\mpengine.dll 2012-02-11 00:34 . 2012-02-11 00:34 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45DD2621-98C2-4723-9AB6-84D30C8E3BF1}\gapaengine.dll 2012-02-11 00:34 . 2011-10-04 22:22 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-08 21:44 . 2012-02-08 21:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-08 21:44 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-08 21:38 . 2012-02-08 21:38 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes 2012-02-08 21:38 . 2012-02-08 21:38 -------- d-----w- c:\programdata\Malwarebytes 2012-02-05 19:42 . 2007-05-24 02:26 100352 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL 2012-02-04 00:05 . 2012-02-04 00:05 -------- d-----w- c:\users\Nick\AppData\Local\SCE 2012-01-23 07:47 . 2012-01-28 06:51 -------- d-----w- c:\users\Nick\AppData\Roaming\Skype 2012-01-23 07:47 . 2012-01-23 07:47 -------- d-----r- c:\program files (x86)\Skype 2012-01-23 07:47 . 2012-01-23 07:47 -------- d-----w- c:\programdata\Skype 2012-01-22 03:35 . 2011-06-29 18:08 571312 ----a-w- c:\windows\SysWow64\Codejock.SkinFramework.Unicode.v13.0.0.ocx 2012-01-22 03:35 . 2011-06-29 18:08 2262960 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v13.0.0.ocx 2012-01-22 03:35 . 2012-01-22 03:35 -------- d-----w- c:\program files (x86)\DolbyAxon 2012-01-15 23:09 . 2012-01-15 23:09 -------- d-----w- c:\program files (x86)\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-06 02:35 . 2012-01-08 06:27 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-02-06 02:35 . 2012-01-08 05:48 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-02-06 02:31 . 2012-01-08 05:48 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-11 22:20 . 2012-01-11 22:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-09 01:46 . 2012-01-09 01:46 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-09 01:32 . 2012-01-09 01:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-01-08 06:32 . 2012-01-08 05:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-01-06 05:15 . 2012-01-08 03:14 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-24 04:52 . 2012-01-08 02:53 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-19 14:58 . 2012-01-11 22:17 77312 ----a-w- c:\windows\system32\packager.dll 2011-11-19 14:01 . 2012-01-11 22:17 67072 ----a-w- c:\windows\SysWow64\packager.dll 2011-11-17 06:41 . 2012-01-11 22:17 1731920 ----a-w- c:\windows\system32\ntdll.dll 2011-11-17 05:38 . 2012-01-11 22:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-02-12_00.11.38 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-02-12 23:15 25010 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-02-12 23:15 30606 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-01-07 14:35 . 2012-02-12 07:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-07 14:35 . 2012-02-08 21:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-07 14:35 . 2012-02-08 21:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-01-07 14:35 . 2012-02-12 07:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-02-08 21:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-02-12 07:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-01-07 01:45 . 2012-02-12 23:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-07 01:45 . 2012-02-12 00:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2012-02-12 23:12 92736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-01-07 01:45 . 2012-02-12 23:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-01-07 01:45 . 2012-02-12 00:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-01-07 01:45 . 2012-02-12 00:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-01-07 01:45 . 2012-02-12 23:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-01-07 01:46 . 2012-02-12 23:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-07 01:46 . 2012-02-12 00:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-07 01:46 . 2012-02-12 00:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-01-07 01:46 . 2012-02-12 23:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-02-12 07:56 . 2012-02-12 07:56 98304 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework.Game\3.1.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.Game.dll + 2012-02-12 03:14 . 2012-02-12 03:14 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll - 2012-02-07 06:54 . 2012-02-07 06:54 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll - 2012-02-07 06:54 . 2012-02-07 06:54 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2012-02-12 03:14 . 2012-02-12 03:14 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2012-01-06 23:33 . 2012-02-12 23:15 5166 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-50768725-1865399903-385665525-1000_UserData.bin + 2012-02-12 23:25 . 2012-02-12 23:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-02-12 00:11 . 2012-02-12 00:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-02-12 00:08 662168 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-02-12 23:16 662168 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-02-12 00:08 121996 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-02-12 23:16 121996 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-02-12 00:10 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-02-12 23:25 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-02-12 03:14 . 2012-02-12 03:14 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2012-02-12 03:14 . 2012-02-12 03:14 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2012-02-12 03:14 . 2012-02-12 03:14 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll - 2012-02-07 06:54 . 2012-02-07 06:54 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2012-02-12 03:14 . 2012-02-12 03:14 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2012-02-07 06:54 . 2012-02-07 06:54 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll - 2012-02-07 06:54 . 2012-02-07 06:54 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2012-02-12 03:14 . 2012-02-12 03:14 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2012-02-12 03:14 . 2012-02-12 03:14 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll - 2012-02-07 06:54 . 2012-02-07 06:54 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2009-07-14 04:45 . 2012-02-12 23:12 7226337 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-01-31 23:12 7226337 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-01-08 08:43 . 2012-02-12 23:25 3668840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-50768725-1865399903-385665525-1000-8192.dat - 2012-01-08 08:43 . 2012-02-12 00:10 3668840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-50768725-1865399903-385665525-1000-8192.dat + 2012-02-12 07:49 . 2012-02-12 07:49 7671808 c:\windows\Installer\1a4bcd5.msi + 2012-02-12 07:56 . 2012-02-12 07:56 1034752 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework\3.1.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.dll + 2012-02-12 03:14 . 2012-02-12 03:14 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll - 2012-02-07 06:54 . 2012-02-07 06:54 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2012-02-12 03:14 . 2012-02-12 03:14 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-08 1242448] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ALSysIO;ALSysIO;c:\users\Nick\AppData\Local\Temp\ALSysIO64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-50768725-1865399903-385665525-1000Core.job - c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 02:09] . 2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-50768725-1865399903-385665525-1000UA.job - c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 02:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2012-02-12 18:28:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-12 23:28 ComboFix2.txt 2012-02-12 00:14 . Pre-Run: 372,646,944,768 bytes free Post-Run: 372,337,254,400 bytes free . - - End Of File - - 6BF8176F258BBF1C0D32FECA2EE8C2F4- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with:
-
isearch.whitesmoke virus need help
Bigd993 replied to Bigd993's topic in Resolved Malware Removal Logs
ComboFix 12-02-11.03 - Nick 02/11/2012 19:05:31.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6877 [GMT -5:00] Running from: c:\users\Nick\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 ))))))))))))))))))))))))))))))) . . 2012-02-12 00:10 . 2012-02-12 00:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-02-12 00:10 . 2012-02-12 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-11 00:34 . 2012-02-11 00:34 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45DD2621-98C2-4723-9AB6-84D30C8E3BF1}\gapaengine.dll 2012-02-11 00:34 . 2011-10-04 22:22 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-11 00:34 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D84B05F-B10B-45CE-87B5-486EADA3642D}\mpengine.dll 2012-02-08 21:44 . 2012-02-08 21:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-08 21:44 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-08 21:38 . 2012-02-08 21:38 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes 2012-02-08 21:38 . 2012-02-08 21:38 -------- d-----w- c:\programdata\Malwarebytes 2012-02-05 19:42 . 2007-05-24 02:26 100352 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL 2012-02-04 00:05 . 2012-02-04 00:05 -------- d-----w- c:\users\Nick\AppData\Local\SCE 2012-01-23 07:47 . 2012-01-28 06:51 -------- d-----w- c:\users\Nick\AppData\Roaming\Skype 2012-01-23 07:47 . 2012-01-23 07:47 -------- d-----r- c:\program files (x86)\Skype 2012-01-23 07:47 . 2012-01-23 07:47 -------- d-----w- c:\programdata\Skype 2012-01-22 03:35 . 2011-06-29 18:08 571312 ----a-w- c:\windows\SysWow64\Codejock.SkinFramework.Unicode.v13.0.0.ocx 2012-01-22 03:35 . 2011-06-29 18:08 2262960 ----a-w- c:\windows\SysWow64\Codejock.CommandBars.v13.0.0.ocx 2012-01-22 03:35 . 2012-01-22 03:35 -------- d-----w- c:\program files (x86)\DolbyAxon 2012-01-15 23:09 . 2012-01-15 23:09 -------- d-----w- c:\program files (x86)\Mumble 2012-01-13 01:33 . 2012-01-13 01:33 -------- d-----w- c:\program files (x86)\Microsoft XNA . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-06 02:35 . 2012-01-08 06:27 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-02-06 02:35 . 2012-01-08 05:48 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-02-06 02:31 . 2012-01-08 05:48 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-11 22:20 . 2012-01-11 22:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-09 01:46 . 2012-01-09 01:46 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-09 01:32 . 2012-01-09 01:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-01-08 06:32 . 2012-01-08 05:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-01-06 05:15 . 2012-01-08 03:14 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-24 04:52 . 2012-01-08 02:53 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-19 14:58 . 2012-01-11 22:17 77312 ----a-w- c:\windows\system32\packager.dll 2011-11-19 14:01 . 2012-01-11 22:17 67072 ----a-w- c:\windows\SysWow64\packager.dll 2011-11-17 06:41 . 2012-01-11 22:17 1731920 ----a-w- c:\windows\system32\ntdll.dll 2011-11-17 05:38 . 2012-01-11 22:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-08 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ALSysIO;ALSysIO;c:\users\Nick\AppData\Local\Temp\ALSysIO64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-50768725-1865399903-385665525-1000Core.job - c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 02:09] . 2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-50768725-1865399903-385665525-1000UA.job - c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 02:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2012-02-11 19:14:23 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-12 00:14 . Pre-Run: 373,386,915,840 bytes free Post-Run: 373,507,407,872 bytes free . - - End Of File - - F6EB65D296DF659AD3624D0001D2BF48- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with:
-
isearch.whitesmoke virus need help
Bigd993 replied to Bigd993's topic in Resolved Malware Removal Logs
. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30 Run by Nick at 18:35:39 on 2012-02-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6674 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Steam\Steam.exe C:\Windows\System32\StikyNot.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 uStart Page = hxxp://www.google.com/ uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860 mWinlogon: Userinit=userinit.exe BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B440EB5C-0B0A-4B9D-8E19-E83BF698D7C1} : DhcpNameServer = 192.168.1.1 BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-8 652360] S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-6 2253120] S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVLAN60.sys --> C:\Windows\system32\DRIVERS\RtVLAN60.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-02-08 21:44:39 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-02-08 21:44:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-02-08 21:38:15 -------- d-----w- C:\Users\Nick\AppData\Roaming\Malwarebytes 2012-02-08 21:38:15 -------- d-----w- C:\ProgramData\Malwarebytes 2012-02-08 00:08:16 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{14BCE424-613B-4778-95BE-748702396564}\mpengine.dll 2012-02-05 19:42:16 100352 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL 2012-02-04 00:05:47 -------- d-----w- C:\Users\Nick\AppData\Local\SCE 2012-01-23 07:47:51 -------- d-----r- C:\Program Files (x86)\Skype 2012-01-22 03:35:54 571312 ----a-w- C:\Windows\SysWow64\Codejock.SkinFramework.Unicode.v13.0.0.ocx 2012-01-22 03:35:54 2262960 ----a-w- C:\Windows\SysWow64\Codejock.CommandBars.v13.0.0.ocx 2012-01-22 03:35:53 -------- d-----w- C:\Program Files (x86)\DolbyAxon 2012-01-15 23:09:07 -------- d-----w- C:\Program Files (x86)\Mumble 2012-01-13 01:33:43 -------- d-----w- C:\Program Files (x86)\Microsoft XNA 2012-01-11 22:24:08 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-01-11 22:24:07 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-11 22:24:07 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-01-11 22:24:07 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-01-11 22:20:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-11 22:17:28 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-11 22:17:27 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2012-01-11 22:17:00 77312 ----a-w- C:\Windows\System32\packager.dll 2012-01-11 22:17:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll . ==================== Find3M ==================== . 2012-02-06 02:35:16 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-02-06 02:35:16 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-02-06 02:31:01 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-09 01:46:44 525544 ----a-w- C:\Windows\System32\deployJava1.dll 2012-01-09 01:32:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-08 06:32:01 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 18:36:13.98 ===============- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with:
-
Hello, I recently have been infected with the isearch.whitesmoke virus and I really need help removing it. I had IE, Google Chrome, and Firefox and all three of them had their homepages switched to isearch.whitesmoke. I have tried changing the homepages, but it just reverts back to the whitesmoke browser. I have tried uninstalling and reinstalling Chrome and so far it does not seem to be switching back to whitesmoke; however I am pretty sure my system is still infected with whitesmoke because my IE still has it as its browser. I have also run a quick scan with the Malwarebytes Anti-Malware program and nothing appeared. I have also run a quick and full scan with Microsoft Security Essentials and again nothing shows up. So if someone could walk me through on how to remove this isearch.whitesmoke virus, I would greatly apreciate it!
- 17 replies
-
- isearch
- whitesmoke
-
(and 2 more)
Tagged with: