TechSpot

[Closed- Piracy] Google Redirect on W7 x64 (followed 6 steps)

By natewill18
Dec 17, 2010
  1. Malwarebytes log:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5342

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    12/17/2010 9:03:32 AM
    mbam-log-2010-12-17 (09-03-32).txt

    Scan type: Quick scan
    Objects scanned: 160564
    Time elapsed: 4 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 18
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 93
    Files Infected: 720

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{F33928A1-8849-48DE-BECB-829D7727AAF2} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{064E314E-2382-46F2-A93A-239C7115579A} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{54DE313F-2261-4B8E-A699-9AE1D69BC7C9} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3D8A3085-A097-4312-B6A4-49FF1A4A460B} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WCaptureX.WResult.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WCaptureX.WResult (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C7E06D1D-4099-43D4-8C22-718E39713773} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{68D76969-99CA-4057-9C66-9D0C6F497528} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{BB283CBF-EB78-4438-BC3A-7563ED7FEDBF} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WMonitorX.WMonitorX.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WMonitorX.WMonitorX (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documentsx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrow-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrows_grey-left.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrows_grey-right.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\btn-search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\powered-by-youtube.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-off-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-off-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\vid-bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery-1.3.2.min.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery.autocomplete.min.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\data\dynamicelements\vmntoolbar.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\data\rss\rss.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\data\search\engines.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\data\search\search.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\data\weather\icons.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\634017460871087500_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\about.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\babylon_logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_16x16.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\blank_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\bluelite.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\bluesky.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-settings-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn_settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\ca.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\checkmytext_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\checkmytext_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\downloadcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxlogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\email.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\email_on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\eteacher_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\facebook.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\feed_icon2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\france_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\games.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\gamesicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\games_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred0.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred0_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred1.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred1_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred2_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred3.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred3_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred4.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred4_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphredna.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\grey.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
     

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I have deleted your duplicate thread on http://www.techspot.com/vb/topic158321.html. Please keep all posts for this problem here and do not start another thread.

    Your use of Vuze and BitComet can easily be the source of the malware. Please uninstall or disable while you are being helped.
    ===============================================
    Advise you to uninstall the WhiteSmoke Translator Toolbar.
    ===============================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ========================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Are you getting help in another forum also?
     
  3. natewill18

    natewill18 TS Rookie Topic Starter

    No, I'm not getting help anywhere I believe. I just mistakenly started like 3 topics lol. I'm going to post the rest of reports just to be thorough.

    c:\documentsx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.


    GMER Log:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-17 09:45:48
    Windows 6.1.7600
    Running: md1ospvr.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA5 0x2B 0xED 0xCA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0x8A 0xC2 0xF1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0x66 0x87 0x1C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x2F 0xA5 0xFC 0xE4 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.schedsvc.dll.01cb9df12238b406.0003 1104384 bytes executable
    File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.taskcomp.dll.01cb9df1223782d9.0002 473600 bytes executable
    File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.taskschd.dll.01cb9df1223c478d.0004 1168896 bytes executable
    File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.taskschd.dll.01cb9df122436e9b.0005 496128 bytes executable
    File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.webio.dll.01cb9df12207d3d1.0000 394752 bytes executable
    File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.webio.dll.01cb9df1220efadf.0001 313856 bytes executable

    ---- EOF - GMER 1.0.15 ----


    DDS Log:

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Nate Will at 9:49:41.32 on Fri 12/17/2010
    Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3839.2365 [GMT -5:00]

    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k defragsvc
    C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe
    C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Windows\SysWOW64\MAFWTray.exe
    C:\Program Files (x86)\BinarySense\HDDTemp4\HDDtemp4.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\SysWow64\perfhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Nate Will\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\Nate Will\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = hxxp://www.yahoo.com
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - z:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - A:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
    mRun: [HDDtemp4] C:\Program Files (x86)\BinarySense\HDDTemp4\HDDtemp4.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    dRun: [uPc+kt0NfSaXms] rundll32.exe C:\Windows\system32\o9yo4y.dll, SystemServer
    uPolicies-explorer: StartMenuLogoff = 1 (0x1)
    uPolicies-explorer: HideActionCenter = 1 (0x1)
    uPolicies-explorer: HideSCABattery = 1 (0x1)
    uPolicies-system: HideFastUserSwitching = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
    mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - A:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - z:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\NATEWI~1\AppData\Roaming\Mozilla\Firefox\Profiles\342s2jn3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Users\Nate Will\AppData\Roaming\Mozilla\Firefox\Profiles\342s2jn3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: C:\Users\Nate Will\AppData\Roaming\Mozilla\Firefox\Profiles\342s2jn3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - plugin: A:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: A:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: C:\Users\Nate Will\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Nate Will\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
    FF - plugin: C:\Users\Nate Will\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Nate Will\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: VLCWatcha: xxxxx@xxxxx.xxxx - %profile%\extensions\xxxxx@xxxxx.xxxx
    FF - Ext: Hide IP Easy: support@easy-hideip.com - %profile%\extensions\support@easy-hideip.com
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
    FF - Ext: Auto Hide IP: support@auto-hide-ip.com - %profile%\extensions\support@auto-hide-ip.com
    FF - Ext: XULRunner: {5CB313C6-0033-4E9C-AB9A-91E3CBBA7CE4} - C:\Users\Nate Will\AppData\Local\{5CB313C6-0033-4E9C-AB9A-91E3CBBA7CE4}
    FF - Ext: XULRunner: {3CE0FC79-3E77-4973-B36A-65B1F470A4BC} - C:\Windows\system32\config\systemprofile\AppData\Local\{3CE0FC79-3E77-4973-B36A-65B1F470A4BC}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(general.useragent.extra.brc, BRI/1

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-10-28 233488]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-11 202752]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-28 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-28 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-28 83120]
    R2 HDD & SSD access service;HDD & SSD access service;C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe [2010-6-22 165888]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-1 363344]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-10-28 366840]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-10-28 1142224]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2009-12-11 6228480]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2009-12-11 160256]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
    R3 MAFW;Service for M-Audio FireWire;C:\Windows\System32\drivers\mafw.sys [2009-7-29 231944]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-12-1 24152]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-2 133104]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
    S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S3 SynasUSB;SynasUSB;C:\Windows\System32\drivers\synUSB64.sys [2010-1-28 31248]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

    =============== File Associations ===============

    regfile="regedit.exe" "%1"

    =============== Created Last 30 ================

    2010-12-17 10:49:21 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{58106093-9F5D-4F15-8349-F5E64F8937E5}\mpengine.dll
    2010-12-16 16:54:27 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\TH2
    2010-12-14 14:37:26 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\TH1
    2010-12-11 23:28:58 -------- d-----w- C:\PROGRA~3\Sound Quest
    2010-12-11 23:28:54 -------- d-----w- C:\Program Files\Sound Quest
    2010-12-09 09:54:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2010-12-09 09:54:08 -------- d-----w- C:\Windows\SHELLNEW
    2010-12-06 08:53:05 -------- d-----w- C:\Users\NATEWI~1\AppData\Local\MediaMonkey
    2010-12-06 07:45:19 -------- d-----w- C:\Windows\SysWow64\BestPractices
    2010-12-06 07:45:18 -------- d-----w- C:\Windows\System32\BestPractices
    2010-12-06 07:45:16 -------- d-----w- C:\inetpub
    2010-12-03 16:01:28 -------- d-----w- C:\Windows\KConvert Temp
    2010-12-03 16:01:28 -------- d-----w- C:\Windows\KConvert Logs
    2010-12-02 02:13:29 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\AutoHideIP
    2010-12-02 02:13:29 -------- d-----w- C:\PROGRA~3\AutoHideIP
    2010-12-02 02:12:16 -------- d-----w- C:\Program Files (x86)\AutoHideIP
    2010-12-01 06:37:00 -------- dc-h--w- C:\PROGRA~3\{7D55A338-9946-4B03-9D84-8FD1472DA229}
    2010-12-01 06:27:21 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-01 06:27:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-01 05:48:52 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\Malwarebytes
    2010-12-01 05:48:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-01 05:48:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-01 04:17:03 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
    2010-12-01 04:17:03 2045952 ----a-w- C:\Windows\SysWow64\bconvert.dll
    2010-11-30 18:39:58 -------- d-----w- C:\Program Files (x86)\Toontrack
    2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-24 08:11:41 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-24 08:11:40 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-24 08:11:39 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
    2010-11-24 08:11:39 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2010-11-23 05:40:50 -------- d-----w- C:\Program Files (x86)\Beat Kangz
    2010-11-20 07:18:52 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\iZotope
    2010-11-19 09:27:47 -------- d-----w- C:\PROGRA~3\Audio Damage
    2010-11-19 09:23:47 -------- dc-h--w- C:\PROGRA~3\{B5F0C192-874D-49A8-88D7-8431E3714756}
    2010-11-19 09:18:37 -------- d-----w- C:\Program Files (x86)\FXpansion
    2010-11-19 09:18:18 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\FXpansion

    ==================== Find3M ====================

    2010-12-16 00:20:34 118784 ----a-w- C:\Windows\dsdxirmv.exe
    2010-11-23 02:22:38 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-11-20 19:21:51 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

    ============= FINISH: 9:51:08.33 ===============
     
  4. natewill18

    natewill18 TS Rookie Topic Starter

    I'm using Windows 7 x64, so I am unable to run ComboFix.
     
  5. natewill18

    natewill18 TS Rookie Topic Starter

    Here's the ESET log.txt:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6415
    # api_version=3.0.2
    # EOSSerial=f3615ddd256583498f95793751a3b36d
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-17 09:23:48
    # local_time=2010-12-17 04:23:48 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=1024 16777215 100 0 0 0 0 0
    # compatibility_mode=1797 16775165 100 94 0 29016046 0 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776573 100 94 0 44155996 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=368985
    # found=0
    # cleaned=0
    # scan_time=8505
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6415
    # api_version=3.0.2
    # EOSSerial=f3615ddd256583498f95793751a3b36d
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-18 03:30:43
    # local_time=2010-12-17 10:30:43 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=1024 16777215 100 0 0 0 0 0
    # compatibility_mode=1797 16775165 100 94 0 29027926 0 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776573 100 94 0 44167876 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=810687
    # found=16
    # cleaned=0
    # scan_time=18723
    E:\FILES\D16.Group.Decimort.VST.v1.0.Incl.Keygen-AiR\Keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\Izotope.iDrum.VSTi.RTAS.v1.7.1.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\Izotope.iDrum.VSTi.RTAS.v1.7.3.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\IZotope.Spectron.VST.DX.AS.RTAS.HTDM.v1.13.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\OhmForce.Mobilohm.PRO.VST.RTAS.v1.21.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\OhmForce.OhmBoyz.PRO.VST.RTAS.v1.51.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\OhmForce.Ohmicide.PRO.VST.RTAS.v1.23.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\OhmForce.QuadFrohmage.PRO.VST.RTAS.v1.31.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\OhmForce.Symptohm.Melohman.VSTi.RTAS.v1.21.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\PSP.Audioware.MasterComp.VST.RTAS.v1.5.4.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\PSP.Audioware.Nitro.VST.RTAS.v1.1.2.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\PSP.Audioware.Oldtimer.VST.RTAS.x32.x64.v1.1.2.Incl.Keygen.READNFO-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\Sony Vegas Pro 9.0c Build 896 32+64bit (Includes working keygen)\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
    E:\FILES\Sony Vegas Pro v9.0b Build 772-Digital Insanity[H33T][Frapmat212]\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
    Z:\Downloads\LinPlug.Albino.VSTi.v3.1.0.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
    Z:\Downloads\LinPlug.Octopus.VSTi.v1.3.0.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Your system is filled with pirated programs. We do not support piracy.
     
Topic Status:
Not open for further replies.
