
Whitesmoke virus



Hey, I've been trying to get rid of this virus for a week or so. I read other posts about the virus and followed some of the suggestions. I cleared my Java cache and downloaded Malwarebytes, where 1032 infected files were found. I removed these files, restarted my computer and ran Malwarebytes again. Seems like everything is now running normally. The computer is running faster and I can click on links without being redirected. Just would like to know if it is completely gone or if I need to use ComboFix. First log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5631

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/28/2011 3:23:12 PM

mbam-log-2011-01-28 (15-23-12).txt

Scan type: Quick scan

Objects scanned: 156104

Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 147

Registry Values Infected: 10

Registry Data Items Infected: 2

Folders Infected: 96

Files Infected: 774

Memory Processes Infected:

c:\program files\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> 884 -> Not selected for removal.

c:\program files\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> 1416 -> Not selected for removal.

Memory Modules Infected:

c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:


c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoketoolbar\chrome\skin\options (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoketoolbar\chrome\skin\searchbar (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoketoolbar\components (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\common (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\common\iepngfix (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\common\js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\background (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\style (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\style (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\style (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\style (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\localservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\Owner\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\localservice\application data\whitesmoketranslator (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\all users\start menu\Programs\whitesmoke translator (PUP.WhiteSmoke) -> Not selected for removal.

Files Infected:

c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

c:\WINDOWS\Temp\Hp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\program files\AWS\weatherbug\minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\sshnas21(2).dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\lsvnywd.sys (Trojan.Bubnix.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\1B.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\45438.tmp.exe (Malware.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\45439.tmp.exe (Trojan.CodecPack) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\4543a.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne11.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne13.tmp.exe (Malware.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne14.tmp.exe (Trojan.CodecPack) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne16.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne1d.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne2.tmp.exe (Malware.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne3.tmp.exe (Trojan.CodecPack) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne4.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne52.tmp.exe (Malware.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne53.tmp.exe (Trojan.CodecPack) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne54.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne6.tmp.exe (Malware.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne7.tmp.exe (Trojan.CodecPack) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dne8.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dnee.tmp.exe (Malware.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dnef.tmp.exe (Trojan.CodecPack) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\22.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\Hp0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\Hp2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\Hpz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\_ex-68.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\all users\Desktop\buy whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\all users\Desktop\launch whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\Startup\launch whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dnea.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dneb.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dnec.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\local settings\Temp\dned.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\data\dynamicelements\vmntoolbar.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\data\rss\rss.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\data\search\engines.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\data\search\search.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\data\weather\icons.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\634017460871087500_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\about.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\babylon_logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\bing_16x16.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\blank_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\bluelite.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\bluesky.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\btn-search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\btn-settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\btn_settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\ca.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\checkmytext_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\checkmytext_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\dictionary.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\dictionary_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\dictionary_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\downloadcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\dtxlogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\email.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\email_on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\eteacher_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\facebook.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\feed_icon2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\france_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\games.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\gamesicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\games_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\grey.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\images.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\italy_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\mail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\music.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\networkicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\news.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\orange.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\shopping.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\skin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\spain_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\technorati.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\translate.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\translate_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\translate_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\truste_about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\tvicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\tv_icon3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\usa_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\vmn.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\vmn.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\web.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\zoom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics\folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingmid.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.


LOG 1 CONTINUED

c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.


c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_press.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_up.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_down.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_up.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_down.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_up.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_off.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_press.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_roll_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip_right_corner.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip_right_corner.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_off.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_press.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_roll_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\logo.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg_bottom.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg_top.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_captionbar_press.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_captionbar_up.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\common.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\contextmenu.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\dictinterface.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\jquery.combobox.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\jquery.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\prototype.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\xmlhttp.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\style\combobox.css (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\style\contextmenu.css (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientdic\style\dictionary.css (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\index.html (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\body_bg.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\congra.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_click.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_up.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\intro.jpg (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\welcome.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\logo.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\js\reginterface.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientregistration\style\registration.css (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\index.html (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\welcome_all.html (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\welcome_expired.html (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\buy_button.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button_down.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\expired_bg.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.jpg (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.jpg (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic\use_ws_bgnew.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\arrow_white.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\left_bot_chunk.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\right_bot_chunk.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\white_x_button.gif (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\js\iframeinterface.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\style\welcome.css (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\js\welcomeinterface.js (PUP.WhiteSmoke) -> Not selected for removal.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\style\welcomescreen.css (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\localservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\localservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\localservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\localservice\application data\whitesmoketoolbar\setupCfg.xml (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\Owner\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\Owner\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\Owner\application data\whitesmoketoolbar\preferences.dat (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\Owner\application data\whitesmoketoolbar\stat.log (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\Owner\application data\whitesmoketoolbar\stats.dat (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\Owner\application data\whitesmoketoolbar\uninstallie.dat (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\Owner\application data\whitesmoketoolbar\uninstallstatie.dat (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\localservice\application data\whitesmoketranslator\stat.log (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\all users\start menu\Programs\whitesmoke translator\registration.lnk (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\all users\start menu\Programs\whitesmoke translator\uninstall.lnk (PUP.WhiteSmoke) -> Not selected for removal.

c:\documents and settings\all users\start menu\Programs\whitesmoke translator\whitesmoke translator.lnk (PUP.WhiteSmoke) -> Not selected for removal.

Link to post
Share on other sites

2ND LOG:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5631

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/28/2011 4:01:32 PM

mbam-log-2011-01-28 (16-01-32).txt

Scan type: Quick scan

Objects scanned: 155175

Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 15

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 34

Files Infected: 158

Memory Processes Infected:

c:\program files\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> 884 -> Unloaded process successfully.

c:\program files\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> 1416 -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:


Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:


Files Infected:

c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_roll_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip_right_corner.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip_right_corner.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_off.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_roll_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\logo.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg_bottom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg_top.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_captionbar_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_captionbar_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\common.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\contextmenu.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\dictinterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\jquery.combobox.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\jquery.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\prototype.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\js\xmlhttp.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\style\combobox.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\style\contextmenu.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientdic\style\dictionary.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\body_bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\congra.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_click.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\intro.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\welcome.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\logo.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\js\reginterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientregistration\style\registration.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\welcome_all.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\welcome_expired.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\buy_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\expired_bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic\use_ws_bgnew.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\arrow_white.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\left_bot_chunk.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\right_bot_chunk.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\white_x_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\js\iframeinterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\style\welcome.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\js\welcomeinterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\program files\whitesmoke translator\html\english\dictclientwelcome\style\welcomescreen.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\whitesmoketoolbar\setupCfg.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\whitesmoketoolbar\preferences.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\whitesmoketoolbar\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\whitesmoketoolbar\stats.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\whitesmoketoolbar\uninstallie.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\whitesmoketoolbar\uninstallstatie.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\application data\whitesmoketranslator\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\whitesmoke translator\registration.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\whitesmoke translator\uninstall.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

c:\documents and settings\all users\start menu\Programs\whitesmoke translator\whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.


Hello jessica.dreier! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Please re-run Malwarebytes' Anti-Malware and post the results with:

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


3RD LOG AFTER RESTARTING COMPUTER:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5631

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/28/2011 4:30:20 PM

mbam-log-2011-01-28 (16-30-20).txt

Scan type: Quick scan

Objects scanned: 155551

Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Sorry it took so long... computer seems to be running slow now. Received a Generic Host Process for Win32 services when the scan finished. Another problem that repeated itself was that the Start/Task bar area on the bottom changed from blue to gray, and the font changed as well. It went back to normal after a few seconds. Also redirecting again in Firefox and opening a new tab without clicking on anything. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5631

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/29/2011 12:51:09 PM

mbam-log-2011-01-29 (12-51-09).txt

Scan type: Quick scan

Objects scanned: 156662

Time elapsed: 25 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------------

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 12:21:48.09 on Sat 01/29/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.73 [GMT -5:00]

AV: My Security Shield *Enabled/Updated* {3E3B6736-978A-4015-A8E0-6D4AFBE3EB76}

FW: My Security Shield *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\RegCure\RegCure.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\interMute\SpamSubtract\SpamSub.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = ;localhost;<local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [VTTimer] VTTimer.exe

mRun: [LTMSG] LTMSG.exe 7

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"

mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"

mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

dRun: [Microsoft Update] wserv32.exe

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSub.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\1940576\program\BackWeb-1940576.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

IE: &Search

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

LSP: SpSubLSP.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://k9countryclub.dipmap.com/cab/OCXChecker_8000.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: igfxcui - igfxsrvc.dll

IFEO: image file execution options - svchost.exe

Hosts: 127.0.7.33 www.symantec.com

Hosts: 127.0.7.33 symantec.com

Hosts: 127.0.7.33 securityresponse.symantec.com

Hosts: 127.0.7.33 sarc.com

Hosts: 127.0.7.33 www.sarc.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\jehzbvxx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-5-18 99248]

S2 mrtRate;mrtRate; [x]

S2 Viewpoint Manager Service;Viewpoint Manager Service; [x]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

S3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-10-23 582424]

=============== Created Last 30 ================

2011-01-28 20:00:42 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-01-28 19:58:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 19:58:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-28 19:58:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 19:58:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-28 18:15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-28 18:15:39 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-01-24 01:03:19 -------- d-----w- c:\program files\Pure Networks

2011-01-24 01:02:39 -------- d-----w- c:\program files\WebEx

2011-01-24 01:02:32 8892928 ----a-w- c:\docume~1\alluse~1\applic~1\atscie.msi

2011-01-24 01:01:25 -------- d-----w- c:\program files\Linksys

2011-01-24 01:01:08 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys

2011-01-24 01:01:00 26672 ----a-w- c:\windows\system32\drivers\purendis.sys

2011-01-24 01:00:45 -------- d-----w- c:\program files\common files\Pure Networks Shared

2011-01-24 01:00:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks

2011-01-18 03:12:50 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-18 03:10:25 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp

2011-01-18 02:52:28 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Mozilla

2011-01-18 01:46:28 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-01-18 01:46:28 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-18 01:40:38 331264 ----a-w- c:\windows\system32\neig.exe

2011-01-18 01:15:13 0 ----a-w- c:\windows\Pdikadanapiqif.bin

2011-01-18 01:15:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{534E0E49-C50B-4E34-837C-820911C30E42}

2011-01-18 01:15:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2011-01-17 04:34:43 -------- d-----w- c:\docume~1\owner\applic~1\Local

2011-01-17 04:27:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX

2011-01-16 15:52:53 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Graboid

2011-01-16 15:52:47 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Geckofx

2011-01-16 15:51:08 -------- d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-11 00:22:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3160021A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-1b

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84ED5735]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84edb990]; MOV EAX, [0x84edba0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x84FCC958]

3 CLASSPNP[0xF7629FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005f[0x84FCD650]

5 ACPI[0xF75A0620] -> nt!IofCallDriver[0x804E37D5] -> [0x84FCD030]

\Driver\atapi[0x84F233A0] -> IRP_MJ_CREATE -> 0x84ED5735

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }

detected disk devices:

\Device\Ide\IdeDeviceP2T0L0-1b -> \??\IDE#DiskST3160021A______________________________3.06____#4a353153414c3830202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x84ED557B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

============= FINISH: 12:24:10.64 ===============

New_Compressed__zipped__Folder.zip


Sorry it took so long...computer seems to be running slow now. Received a Generic Host Process for Win32 services when the scan finished. Another problem that repeated itself was that the Start/Task bar area on the bottom changed from blue to gray, and the font changed as well. It went back to normal after a few seconds. Also redirecting again in Firefox and opening new tab without clicking on anything.

Yes, I saw them, and your Windows Update is not working either. It's complicated, but we can fix them.

Before we go, I suggest you uninstall XoftSpySE. For a while, it was in rogue application lists, so I suggest not trusting it.

Step 1

Please, uninstall the following applications:

  1. XoftSpySE

You can read how to do this here:

Step 2

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please include these log(s):

  1. TDSSKiller log
  2. a new fresh DDS log only


Running very slow...

2011/01/29 13:38:59.0125 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53

2011/01/29 13:38:59.0125 ================================================================================

2011/01/29 13:38:59.0125 SystemInfo:

2011/01/29 13:38:59.0125

2011/01/29 13:38:59.0125 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/29 13:38:59.0125 Product type: Workstation

2011/01/29 13:38:59.0125 ComputerName: JOAN

2011/01/29 13:38:59.0125 UserName: Owner

2011/01/29 13:38:59.0125 Windows directory: C:\WINDOWS

2011/01/29 13:38:59.0125 System windows directory: C:\WINDOWS

2011/01/29 13:38:59.0125 Processor architecture: Intel x86

2011/01/29 13:38:59.0125 Number of processors: 1

2011/01/29 13:38:59.0125 Page size: 0x1000

2011/01/29 13:38:59.0125 Boot type: Normal boot

2011/01/29 13:38:59.0125 ================================================================================

2011/01/29 13:39:00.0390 Initialize success

2011/01/29 13:39:09.0593 ================================================================================

2011/01/29 13:39:09.0593 Scan started

2011/01/29 13:39:09.0593 Mode: Manual;

2011/01/29 13:39:09.0593 ================================================================================

2011/01/29 13:39:47.0125 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/01/29 13:39:47.0140 ================================================================================

2011/01/29 13:39:47.0140 Scan finished

2011/01/29 13:39:47.0140 ================================================================================

2011/01/29 13:39:47.0156 Detected object count: 1

2011/01/29 13:40:11.0578 \HardDisk0 - will be cured after reboot

2011/01/29 13:40:11.0578 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/01/29 13:40:25.0187 Deinitialize success

--------------------------------------

2011/01/29 13:47:59.0359 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53

2011/01/29 13:47:59.0359 ================================================================================

2011/01/29 13:47:59.0359 SystemInfo:

2011/01/29 13:47:59.0359

2011/01/29 13:47:59.0359 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/29 13:47:59.0359 Product type: Workstation

2011/01/29 13:47:59.0359 ComputerName: JOAN

2011/01/29 13:47:59.0359 UserName: Owner

2011/01/29 13:47:59.0359 Windows directory: C:\WINDOWS

2011/01/29 13:47:59.0359 System windows directory: C:\WINDOWS

2011/01/29 13:47:59.0359 Processor architecture: Intel x86

2011/01/29 13:47:59.0359 Number of processors: 1

2011/01/29 13:47:59.0359 Page size: 0x1000

2011/01/29 13:47:59.0359 Boot type: Normal boot

2011/01/29 13:47:59.0359 ================================================================================

2011/01/29 13:47:59.0843 Initialize success

2011/01/29 13:48:17.0671 ================================================================================

2011/01/29 13:48:17.0671 Scan started

2011/01/29 13:48:17.0671 Mode: Manual;

2011/01/29 13:48:17.0671 ================================================================================


2011/01/29 13:48:48.0484 SunkFilt (f658d6420b14bedb49c19e39e7d03594) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2011/01/29 13:48:48.0796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/29 13:48:48.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/29 13:48:49.0640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/29 13:48:49.0843 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/29 13:48:50.0015 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/29 13:48:50.0156 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/29 13:48:50.0359 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/29 13:48:50.0640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/29 13:48:50.0937 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/29 13:48:51.0140 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/29 13:48:51.0343 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/29 13:48:51.0515 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/29 13:48:51.0671 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/01/29 13:48:51.0859 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/29 13:48:52.0031 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/29 13:48:52.0187 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/29 13:48:52.0406 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/29 13:48:52.0578 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2011/01/29 13:48:52.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/29 13:48:52.0875 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2011/01/29 13:48:53.0046 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2011/01/29 13:48:53.0218 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/01/29 13:48:53.0390 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/29 13:48:53.0578 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/29 13:48:53.0890 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/29 13:48:54.0140 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/01/29 13:48:54.0359 {6080A529-897E-4629-A488-ABA0C29B635E} (e6c22d34baef5196e1b23a4492c275b7) C:\WINDOWS\system32\drivers\ialmsbw.sys

2011/01/29 13:48:54.0531 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (6e53bd96b0ebad721cdd6320dbfc3f5f) C:\WINDOWS\system32\drivers\ialmkchw.sys

2011/01/29 13:48:54.0593 ================================================================================

2011/01/29 13:48:54.0593 Scan finished

2011/01/29 13:48:54.0593 ================================================================================

-------------------

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 13:57:43.45 on Sat 01/29/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.244 [GMT -5:00]

AV: My Security Shield *Enabled/Updated* {3E3B6736-978A-4015-A8E0-6D4AFBE3EB76}

FW: My Security Shield *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\LTMSG.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\RegCure\RegCure.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\interMute\SpamSubtract\SpamSub.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = ;localhost;<local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe

mRun: [HPHmon05] c:\windows\system32\hphmon05.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [VTTimer] VTTimer.exe

mRun: [LTMSG] LTMSG.exe 7

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"

mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"

mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

dRun: [Microsoft Update] wserv32.exe

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSub.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\1940576\program\BackWeb-1940576.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

IE: &Search

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

LSP: SpSubLSP.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://k9countryclub.dipmap.com/cab/OCXChecker_8000.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: igfxcui - igfxsrvc.dll

IFEO: image file execution options - svchost.exe

Hosts: 127.0.7.33 www.symantec.com

Hosts: 127.0.7.33 symantec.com

Hosts: 127.0.7.33 securityresponse.symantec.com

Hosts: 127.0.7.33 sarc.com

Hosts: 127.0.7.33 www.sarc.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\jehzbvxx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-5-18 99248]

S2 mrtRate;mrtRate; [x]

S2 Viewpoint Manager Service;Viewpoint Manager Service; [x]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]

=============== Created Last 30 ================

2011-01-28 20:00:42 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-01-28 19:58:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 19:58:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-28 19:58:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 19:58:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-28 18:15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-28 18:15:39 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-01-24 01:03:19 -------- d-----w- c:\program files\Pure Networks

2011-01-24 01:02:39 -------- d-----w- c:\program files\WebEx

2011-01-24 01:02:32 8892928 ----a-w- c:\docume~1\alluse~1\applic~1\atscie.msi

2011-01-24 01:01:25 -------- d-----w- c:\program files\Linksys

2011-01-24 01:01:08 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys

2011-01-24 01:01:00 26672 ----a-w- c:\windows\system32\drivers\purendis.sys

2011-01-24 01:00:45 -------- d-----w- c:\program files\common files\Pure Networks Shared

2011-01-24 01:00:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks

2011-01-18 03:12:50 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-18 03:10:25 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp

2011-01-18 02:52:28 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Mozilla

2011-01-18 01:46:28 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-01-18 01:46:28 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-18 01:40:38 331264 ----a-w- c:\windows\system32\neig.exe

2011-01-18 01:15:13 0 ----a-w- c:\windows\Pdikadanapiqif.bin

2011-01-18 01:15:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{534E0E49-C50B-4E34-837C-820911C30E42}

2011-01-18 01:15:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2011-01-17 04:34:43 -------- d-----w- c:\docume~1\owner\applic~1\Local

2011-01-17 04:27:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX

2011-01-16 15:52:53 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Graboid

2011-01-16 15:52:47 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Geckofx

2011-01-16 15:51:08 -------- d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-11 00:22:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

============= FINISH: 13:59:30.75 ===============


Please visit www.virustotal.com and upload the following file:

c:\docume~1\alluse~1\applic~1\atscie.msi

Then:

Open Notepad. Copy and paste the following text into it:

@echo off
dir "c:\documents and settings\Owner\application data\{534E0E49-C50B-4E34-837C-820911C30E42}\" > c:\dirlog.txt
start c:\dirlog.txt
del %0

Save it as dirlog.bat on the desktop. Make sure the Save as type: is All Files (*.*).

Double click on dirlog.bat to run it. Allow if prompted by any security software.

A file dirlog.txt will appear on your main hard drive.


The name of that folder does not appear.

The scan found multiple items this time:

2011-01-29 Found nothing

[G DATA] 2011-01-29 Trojan.Generic.KDV.106212
[Avast! antivirus] 2011-01-29 Win32:Malware-gen
[ikarus] 2011-01-29 Trojan.SuspectCRC
[Grisoft AVG Anti-Virus] 2011-01-29 Dropper.Small.IWA
[Kaspersky Anti-Virus] 2011-01-29 Found nothing
[Avira AntiVir] 2011-01-28 TR/Delf.osw
[ESET NOD32] 2011-01-29 Win32/Delf.OSW
[softwin BitDefender] 2011-01-29 Trojan.Generic.KDV.106212
[Panda Antivirus] 2011-01-29 Generic
[ClamAV] 2011-01-29 Found nothing
[Quick Heal] 2011-01-29 Found nothing
[CPsecure] 2011-01-29 Found nothing
[sophos] 2011-01-29 Found nothing
[Dr.Web] 2011-01-29 Trojan.DownLoader1.52763
[VirusBlokAda VBA32] 2011-01-28 Found nothing
[Frisk F-Prot Antivirus] 2011-01-29 Found nothing
[VirusBuster] 2011-01-29 Found nothing
[F-Secure Anti-Virus] 2011-01-29 Trojan.Generic.KDV.106212


Okay, we'll delete this folder in another way. Now:

First:

  1. Please download the Suspicious File Packer (by Safer Networking Limited) and unzip to your desktop.
  2. Run sfp.exe
  3. Copy the following part of code box into the SFP window:
    c:\windows\system32\neig.exe


  4. Allow SFP to pack the file; it will then generate a CAB archive on your desktop.

Second:

  1. Please visit this website: Submit Malware Sample
  2. Against the inscription: "Link to topic where this file was requested:", insert links pointing to this topic.
  3. Against the inscription: "Browse to the file you want to submit:", click on the Choose... button. Navigate to the CAB file which will be called requested-files[ * ].cab (the * stands for the date and hour).
  4. Against the inscription: "Leave any comments, further information about this file, or contact information:" should be written as follows:
    Sent at the request of Borislav.
  5. Once you're ready, click the Send File button.


Thank you!

Let's kill them!

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Alright, here we go! After I ran combofix, the icon for IE appeared on my desktop, not sure why.

ComboFix 11-01-28.03 - Owner 01/29/2011 15:42:54.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.215 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\480a18

c:\documents and settings\All Users\Application Data\480a18\155.mof

c:\documents and settings\All Users\Application Data\480a18\MSS.ico

c:\documents and settings\All Users\Application Data\480a18\MSSSys\vd952342.bd

c:\documents and settings\Owner\Application Data\Local

c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\0.ddi

c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\1.ddi

c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr

c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\settings.ddi

c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx

c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\weeds.s06e13.hdtv.xvid-fqm_ns.avi.ddp

c:\documents and settings\Owner\Application Data\Local\Temp\DDM\Settings\weeds.s06e13.hdtv.xvid-fqm_ns.avi.ddr

c:\documents and settings\Owner\Application Data\PriceGong

c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\cookies.sqlite

c:\windows\patch.exe

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_SSHNAS

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))

.

2011-01-28 20:00 . 2011-01-28 20:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-01-28 19:58 . 2011-01-28 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-28 19:58 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 19:58 . 2011-01-28 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-28 19:58 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 18:15 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-26 22:46 . 2011-01-26 22:46 -------- d-----w- c:\program files\Microsoft Silverlight

2011-01-24 01:03 . 2011-01-24 01:03 -------- d-----w- c:\program files\Pure Networks

2011-01-24 01:02 . 2011-01-24 01:02 -------- d-----w- c:\program files\WebEx

2011-01-24 01:02 . 2011-01-24 01:02 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi

2011-01-24 01:01 . 2011-01-28 01:53 -------- d-----w- c:\program files\Linksys

2011-01-24 01:01 . 2009-07-07 19:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys

2011-01-24 01:01 . 2011-01-24 01:01 -------- dc----w- c:\windows\system32\DRVSTORE

2011-01-24 01:01 . 2009-07-07 19:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys

2011-01-24 01:00 . 2011-01-24 01:00 -------- d-----w- c:\program files\Common Files\Pure Networks Shared

2011-01-24 01:00 . 2011-01-24 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks

2011-01-18 03:13 . 2011-01-18 03:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2011-01-18 03:12 . 2011-01-18 03:12 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-18 03:10 . 2011-01-26 21:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp

2011-01-18 02:52 . 2011-01-18 02:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2011-01-18 01:46 . 2011-01-18 01:46 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-18 01:40 . 2011-01-18 01:40 331264 ----a-w- c:\windows\system32\neig.exe

2011-01-18 01:15 . 2011-01-18 01:15 0 ----a-w- c:\windows\Pdikadanapiqif.bin

2011-01-18 01:15 . 2011-01-18 01:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{534E0E49-C50B-4E34-837C-820911C30E42}

2011-01-18 01:15 . 2011-01-18 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-01-18 00:40 . 2011-01-18 01:42 -------- d-s---w- c:\documents and settings\Administrator

2011-01-17 22:53 . 2011-01-17 22:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-01-17 04:34 . 2011-01-17 04:34 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX

2011-01-17 04:27 . 2011-01-18 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2011-01-16 15:52 . 2011-01-18 01:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Graboid

2011-01-16 15:52 . 2011-01-16 15:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Geckofx

2011-01-16 15:51 . 2011-01-16 15:51 -------- d-----w- c:\program files\VideoLAN

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:12 . 2004-02-04 19:11 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 21:34 . 2008-04-26 19:55 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-11 00:22 . 2010-11-11 00:22 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2010-11-09 14:52 . 2003-10-28 11:09 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-02-04 19:12 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-02-04 19:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-02-04 18:37 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LTMSG"="LTMSG.exe 7" [X]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]

"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]

"VTTimer"="VTTimer.exe" [2004-10-22 53248]

"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-20 98304]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-22 180269]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]

"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2011-01-26 53248]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2004-1-27 557056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-1-26 16384]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\WINDOWS\\system32\\lxddcoms.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [5/18/2009 7:32 PM 99248]

S2 mrtRate;mrtRate; [x]

S2 Viewpoint Manager Service;Viewpoint Manager Service; [x]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2011-01-15 c:\windows\Tasks\DriverCure.job

- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2011-01-28 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]

2011-01-14 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]

2011-01-27 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2011-01-29 c:\windows\Tasks\RegCure Startup.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2011-01-16 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = ;localhost;<local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: SpSubLSP.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://k9countryclub.dipmap.com/cab/OCXChecker_8000.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jehzbvxx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKU-Default-Run-Microsoft Update - wserv32.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-29 15:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\combo-fix\CF15117.cfxxe [1884] 0x84A806E8

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(864)

c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(3836)

c:\windows\system32\WININET.dll

c:\docume~1\Owner\LOCALS~1\Temp\IadHide4.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxddcoms.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\windows\system32\VTTimer.exe

c:\windows\LTMSG.exe

c:\windows\ALCXMNTR.EXE

.

**************************************************************************

.

Completion time: 2011-01-29 16:01:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-29 21:01

Pre-Run: 130,908,585,984 bytes free

Post-Run: 130,940,923,904 bytes free

- - End Of File - - D66B1EEA995798399C762C6274E6563D


After I ran combofix, the icon for IE appeared on my desktop, not sure why.

Because of ComboFix. If you don't need it, please manually delete it. Now:

Open Notepad and copy and paste the text in the code box below into it:

File::
c:\windows\system32\neig.exe
c:\windows\Pdikadanapiqif.bin

Folder::
c:\documents and settings\Owner\Local Settings\Application Data\{534E0E49-C50B-4E34-837C-820911C30E42}

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


ComboFix 11-01-28.03 - Owner 01/29/2011 16:31:39.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.247 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::

"c:\windows\Pdikadanapiqif.bin"

"c:\windows\system32\neig.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Local Settings\Application Data\{534E0E49-C50B-4E34-837C-820911C30E42}

c:\documents and settings\Owner\Local Settings\Application Data\{534E0E49-C50B-4E34-837C-820911C30E42}\chrome\content\_cfg.js

c:\documents and settings\Owner\Local Settings\Application Data\{534E0E49-C50B-4E34-837C-820911C30E42}\chrome\content\overlay.xul

c:\documents and settings\Owner\Local Settings\Application Data\{534E0E49-C50B-4E34-837C-820911C30E42}\install.rdf

c:\windows\Pdikadanapiqif.bin

c:\windows\system32\neig.exe

.

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))

.

2011-01-28 20:00 . 2011-01-28 20:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-01-28 19:58 . 2011-01-28 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-28 19:58 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-28 19:58 . 2011-01-28 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-28 19:58 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-28 18:15 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-26 22:46 . 2011-01-26 22:46 -------- d-----w- c:\program files\Microsoft Silverlight

2011-01-24 01:03 . 2011-01-24 01:03 -------- d-----w- c:\program files\Pure Networks

2011-01-24 01:02 . 2011-01-24 01:02 -------- d-----w- c:\program files\WebEx

2011-01-24 01:02 . 2011-01-24 01:02 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi

2011-01-24 01:01 . 2011-01-28 01:53 -------- d-----w- c:\program files\Linksys

2011-01-24 01:01 . 2009-07-07 19:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys

2011-01-24 01:01 . 2011-01-24 01:01 -------- dc----w- c:\windows\system32\DRVSTORE

2011-01-24 01:01 . 2009-07-07 19:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys

2011-01-24 01:00 . 2011-01-24 01:00 -------- d-----w- c:\program files\Common Files\Pure Networks Shared

2011-01-24 01:00 . 2011-01-24 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks

2011-01-18 03:13 . 2011-01-18 03:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2011-01-18 03:12 . 2011-01-18 03:12 -------- d-----w- c:\windows\system32\%APPDATA%

2011-01-18 03:10 . 2011-01-26 21:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp

2011-01-18 02:52 . 2011-01-18 02:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2011-01-18 01:46 . 2011-01-18 01:46 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-18 01:15 . 2011-01-18 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-01-18 00:40 . 2011-01-18 01:42 -------- d-s---w- c:\documents and settings\Administrator

2011-01-17 22:53 . 2011-01-17 22:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-01-17 04:34 . 2011-01-17 04:34 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX

2011-01-17 04:27 . 2011-01-18 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2011-01-16 15:52 . 2011-01-18 01:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Graboid

2011-01-16 15:52 . 2011-01-16 15:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Geckofx

2011-01-16 15:51 . 2011-01-16 15:51 -------- d-----w- c:\program files\VideoLAN

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:12 . 2004-02-04 19:11 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 21:34 . 2008-04-26 19:55 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-11 00:22 . 2010-11-11 00:22 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2010-11-09 14:52 . 2003-10-28 11:09 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-02-04 19:12 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-02-04 19:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-02-04 18:37 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LTMSG"="LTMSG.exe 7" [X]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]

"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]

"VTTimer"="VTTimer.exe" [2004-10-22 53248]

"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]

"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-20 98304]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-22 180269]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]

"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SWHelper"="c:\windows\system32\Macromed\Shockwave 8\PostUpdate.exe" [2011-01-26 53248]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2004-1-27 557056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-1-26 16384]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\WINDOWS\\system32\\lxddcoms.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [5/18/2009 7:32 PM 99248]

S2 mrtRate;mrtRate; [x]

S2 Viewpoint Manager Service;Viewpoint Manager Service; [x]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]

S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2011-01-15 c:\windows\Tasks\DriverCure.job

- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2011-01-28 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-28 21:15]

2011-01-14 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15]

2011-01-27 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2011-01-29 c:\windows\Tasks\RegCure Startup.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2011-01-16 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = ;localhost;<local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: SpSubLSP.dll

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://k9countryclub.dipmap.com/cab/OCXChecker_8000.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jehzbvxx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-29 16:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(864)

c:\windows\system32\SpSubLSP.dll

.

Completion time: 2011-01-29 16:41:50

ComboFix-quarantined-files.txt 2011-01-29 21:41

ComboFix2.txt 2011-01-29 21:01

Pre-Run: 130,949,500,928 bytes free

Post-Run: 130,906,959,872 bytes free

- - End Of File - - 9FCF9C3CB12766ABA521C51C26E7C82D

This topic is now closed to further replies.