[Closed- Piracy] Google Redirect on W7 x64 (followed 6 steps)

Status
Not open for further replies.
N

natewill18

Posts: 6   +0
Malware bytes Log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5342

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

12/17/2010 9:03:32 AM
mbam-log-2010-12-17 (09-03-32).txt

Scan type: Quick scan
Objects scanned: 160564
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 93
Files Infected: 720

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{F33928A1-8849-48DE-BECB-829D7727AAF2} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{064E314E-2382-46F2-A93A-239C7115579A} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{54DE313F-2261-4B8E-A699-9AE1D69BC7C9} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D8A3085-A097-4312-B6A4-49FF1A4A460B} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WCaptureX.WResult.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WCaptureX.WResult (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C7E06D1D-4099-43D4-8C22-718E39713773} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{68D76969-99CA-4057-9C66-9D0C6F497528} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{BB283CBF-EB78-4438-BC3A-7563ED7FEDBF} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\modules (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\dynamicelements (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\rss (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\search (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\components (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\common (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\common\iepngfix (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\common\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\img (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\img\background (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\img\Buttons (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\img\captionbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\img\popup (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\style (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\captionbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\style (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\background (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\style (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\style (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documentsx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\manifest.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\toolbar.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\uninstall.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbar.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\neterror.xhtml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\preferences.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\toolbar.htm (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\toolbar.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\vmncode.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\vmnrsswin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\about.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxpanel.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxpanelwin.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxprefwin.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxwin.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\emailnotifierproviders.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\external.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\neterror.xhtml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsspreview.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsswin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsswin.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\vmncode.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\wmpstreamer.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\modules\datastore.jsm (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\newtab.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\btn_search.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\bullet.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\field_bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\powered_by_yahoo.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\tb_icon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\widget.jsw (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\tb_icon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\widget.jsw (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\css\twitter.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\btn-login-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\btn-login.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\btn-submit.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\loginbg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\refresh-over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\refresh.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrollbottom-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrollbottom-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrollbottom-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrollbottom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrolltop-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrolltop-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrolltop-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrolltop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\tab-off-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\tab-off-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\tab-on-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\tab-on-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\twitter-logo48.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\twitter_top.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js\jquery.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js\scripts.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\tb_icon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\widget.jsw (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\tb_icon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\widget.jsw (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrow-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrows_grey-left.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrows_grey-right.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\btn-search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\powered-by-youtube.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-off-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-off-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\vid-bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery-1.3.2.min.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery.autocomplete.min.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\dynamicelements\vmntoolbar.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\rss\rss.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\search\engines.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\search\search.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\weather\icons.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\634017460871087500_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\about.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\babylon_logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_16x16.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\blank_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bluelite.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bluesky.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-settings-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn_settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\ca.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\checkmytext_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\checkmytext_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\downloadcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxlogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\email.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\email_on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\eteacher_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\facebook.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\feed_icon2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\france_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\games.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\gamesicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\games_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred0.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred0_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred1.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred1_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred2_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred3.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred3_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred4.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred4_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphredna.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\grey.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
 

Attachments

  • Attach.zip
    3.4 KB · Views: 0
I have deleted your duplicate thread on https://www.techspot.com/vb/topic158321.html. Please keep all posts for this problem here and do not start another thread.

You use of Vuze and BitComet can easily be the sourse of the malware. Please uninstall or disable while you are being helped.
===============================================
Advise you to uninstall the WhiteSmoke Translator Toolbar.
===============================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
========================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Click to expand...
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Are you getting help in another forum also?
 
no I'm not getting help anywhere I believe. I just mistakenly started like 3 topics lol I'm going to post the rest of reports just to be thorough.

c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\style\combobox.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\style\contextmenu.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientdic\style\dictionary.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\body_bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\congra.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\continue_button_click.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\continue_button_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\continue_button_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\intro.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\welcome.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\img\captionbar\logo.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\js\reginterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientregistration\style\registration.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\welcome_all.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\welcome_expired.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\buy_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\expired_bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic\use_ws_bgnew.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\arrow_white.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\left_bot_chunk.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\right_bot_chunk.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\white_x_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\js\iframeinterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\content\style\welcome.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\js\welcomeinterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoke translator\html\english\dictclientwelcome\style\welcomescreen.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documentsx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.


GMER Log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-17 09:45:48
Windows 6.1.7600
Running: md1ospvr.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA5 0x2B 0xED 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0x8A 0xC2 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFB 0x66 0x87 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x2F 0xA5 0xFC 0xE4 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.schedsvc.dll.01cb9df12238b406.0003 1104384 bytes executable
File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.taskcomp.dll.01cb9df1223782d9.0002 473600 bytes executable
File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.taskschd.dll.01cb9df1223c478d.0004 1168896 bytes executable
File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.taskschd.dll.01cb9df122436e9b.0005 496128 bytes executable
File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.webio.dll.01cb9df12207d3d1.0000 394752 bytes executable
File C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.webio.dll.01cb9df1220efadf.0001 313856 bytes executable

---- EOF - GMER 1.0.15 ----


DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Nate Will at 9:49:41.32 on Fri 12/17/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3839.2365 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\MAFWTray.exe
C:\Program Files (x86)\BinarySense\HDDTemp4\HDDtemp4.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Nate Will\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Nate Will\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - z:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - A:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
mRun: [HDDtemp4] C:\Program Files (x86)\BinarySense\HDDTemp4\HDDtemp4.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [uPc+kt0NfSaXms] rundll32.exe C:\Windows\system32\o9yo4y.dll, SystemServer
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: HideActionCenter = 1 (0x1)
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - A:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - z:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

================= FIREFOX ===================

FF - ProfilePath - C:\Users\NATEWI~1\AppData\Roaming\Mozilla\Firefox\Profiles\342s2jn3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Nate Will\AppData\Roaming\Mozilla\Firefox\Profiles\342s2jn3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\Nate Will\AppData\Roaming\Mozilla\Firefox\Profiles\342s2jn3.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: A:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: A:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Users\Nate Will\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Nate Will\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: C:\Users\Nate Will\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nate Will\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: VLCWatcha: xxxxx@xxxxx.xxxx - %profile%\extensions\xxxxx@xxxxx.xxxx
FF - Ext: Hide IP Easy: support@easy-hideip.com - %profile%\extensions\support@easy-hideip.com
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Auto Hide IP: support@auto-hide-ip.com - %profile%\extensions\support@auto-hide-ip.com
FF - Ext: XULRunner: {5CB313C6-0033-4E9C-AB9A-91E3CBBA7CE4} - C:\Users\Nate Will\AppData\Local\{5CB313C6-0033-4E9C-AB9A-91E3CBBA7CE4}
FF - Ext: XULRunner: {3CE0FC79-3E77-4973-B36A-65B1F470A4BC} - C:\Windows\system32\config\systemprofile\AppData\Local\{3CE0FC79-3E77-4973-B36A-65B1F470A4BC}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(general.useragent.extra.brc, BRI/1

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-10-28 233488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-11 202752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-28 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-28 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-28 83120]
R2 HDD & SSD access service;HDD & SSD access service;C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe [2010-6-22 165888]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-1 363344]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-10-28 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-10-28 1142224]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2009-12-11 6228480]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2009-12-11 160256]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 MAFW;Service for M-Audio FireWire;C:\Windows\System32\drivers\mafw.sys [2009-7-29 231944]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-12-1 24152]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-2 133104]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 SynasUSB;SynasUSB;C:\Windows\System32\drivers\synUSB64.sys [2010-1-28 31248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

=============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-12-17 10:49:21 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{58106093-9F5D-4F15-8349-F5E64F8937E5}\mpengine.dll
2010-12-16 16:54:27 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\TH2
2010-12-14 14:37:26 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\TH1
2010-12-11 23:28:58 -------- d-----w- C:\PROGRA~3\Sound Quest
2010-12-11 23:28:54 -------- d-----w- C:\Program Files\Sound Quest
2010-12-09 09:54:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2010-12-09 09:54:08 -------- d-----w- C:\Windows\SHELLNEW
2010-12-06 08:53:05 -------- d-----w- C:\Users\NATEWI~1\AppData\Local\MediaMonkey
2010-12-06 07:45:19 -------- d-----w- C:\Windows\SysWow64\BestPractices
2010-12-06 07:45:18 -------- d-----w- C:\Windows\System32\BestPractices
2010-12-06 07:45:16 -------- d-----w- C:\inetpub
2010-12-03 16:01:28 -------- d-----w- C:\Windows\KConvert Temp
2010-12-03 16:01:28 -------- d-----w- C:\Windows\KConvert Logs
2010-12-02 02:13:29 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\AutoHideIP
2010-12-02 02:13:29 -------- d-----w- C:\PROGRA~3\AutoHideIP
2010-12-02 02:12:16 -------- d-----w- C:\Program Files (x86)\AutoHideIP
2010-12-01 06:37:00 -------- dc-h--w- C:\PROGRA~3\{7D55A338-9946-4B03-9D84-8FD1472DA229}
2010-12-01 06:27:21 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-01 06:27:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-01 05:48:52 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\Malwarebytes
2010-12-01 05:48:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-01 05:48:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-01 04:17:03 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2010-12-01 04:17:03 2045952 ----a-w- C:\Windows\SysWow64\bconvert.dll
2010-11-30 18:39:58 -------- d-----w- C:\Program Files (x86)\Toontrack
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-24 08:11:41 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-24 08:11:40 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-24 08:11:39 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-24 08:11:39 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-23 05:40:50 -------- d-----w- C:\Program Files (x86)\Beat Kangz
2010-11-20 07:18:52 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\iZotope
2010-11-19 09:27:47 -------- d-----w- C:\PROGRA~3\Audio Damage
2010-11-19 09:23:47 -------- dc-h--w- C:\PROGRA~3\{B5F0C192-874D-49A8-88D7-8431E3714756}
2010-11-19 09:18:37 -------- d-----w- C:\Program Files (x86)\FXpansion
2010-11-19 09:18:18 -------- d-----w- C:\Users\NATEWI~1\AppData\Roaming\FXpansion

==================== Find3M ====================

2010-12-16 00:20:34 118784 ----a-w- C:\Windows\dsdxirmv.exe
2010-11-23 02:22:38 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-20 19:21:51 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 9:51:08.33 ===============
 
here's the ESET log.txt:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=f3615ddd256583498f95793751a3b36d
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-17 09:23:48
# local_time=2010-12-17 04:23:48 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 0 29016046 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 44155996 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=368985
# found=0
# cleaned=0
# scan_time=8505
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=f3615ddd256583498f95793751a3b36d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-18 03:30:43
# local_time=2010-12-17 10:30:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 0 29027926 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 44167876 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=810687
# found=16
# cleaned=0
# scan_time=18723
E:\FILES\D16.Group.Decimort.VST.v1.0.Incl.Keygen-AiR\Keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\Izotope.iDrum.VSTi.RTAS.v1.7.1.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\Izotope.iDrum.VSTi.RTAS.v1.7.3.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\IZotope.Spectron.VST.DX.AS.RTAS.HTDM.v1.13.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\OhmForce.Mobilohm.PRO.VST.RTAS.v1.21.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\OhmForce.OhmBoyz.PRO.VST.RTAS.v1.51.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\OhmForce.Ohmicide.PRO.VST.RTAS.v1.23.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\OhmForce.QuadFrohmage.PRO.VST.RTAS.v1.31.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\OhmForce.Symptohm.Melohman.VSTi.RTAS.v1.21.incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\PSP.Audioware.MasterComp.VST.RTAS.v1.5.4.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\PSP.Audioware.Nitro.VST.RTAS.v1.1.2.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\PSP.Audioware.Oldtimer.VST.RTAS.x32.x64.v1.1.2.Incl.Keygen.READNFO-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\Sony Vegas Pro 9.0c Build 896 32+64bit (Includes working keygen)\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
E:\FILES\Sony Vegas Pro v9.0b Build 772-Digital Insanity[H33T][Frapmat212]\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
Z:\Downloads\LinPlug.Albino.VSTi.v3.1.0.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
Z:\Downloads\LinPlug.Octopus.VSTi.v1.3.0.Incl.Keygen-AiR\keygen.exe a variant of Win32/Keygen.AD application (unable to clean) 00000000000000000000000000000000 I
 
Status
Not open for further replies.

Similar threads

ravisunny2
Solved Need help with possible infection
Replies
11
Views
3K
Broni
Broni
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni
TDMoor
Solved Automatic Proxy Setup Script on Chrome
2 3
Replies
50
Views
12K
Broni
Broni

Latest posts

Back