Friend dropped this off for a helping hand. Computer after cleanups is still very sluggish, but it seems pop-ups and the IE registry pop-up (virus, I assume) have stopped.

Mba-m log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5481

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/7/2011 8:06:19 PM
mbam-log-2011-01-07 (20-06-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 172478
Time elapsed: 29 minute(s), 46 second(s)

Memory Processes Infected: 30
Memory Modules Infected: 2
Registry Keys Infected: 13
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 70
Files Infected: 641

Memory Processes Infected:
c:\WINDOWS\system32\zwpry.exe (Spyware.Passwords) -> 2908 -> Unloaded process successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> 3704 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll (PUP.WhiteSmoke) -> Not selected for removal.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\H3O8CABBPI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Spyware.Passwords) -> Value: cftmon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\vxcymsnb (Trojan.FakeAlert.Gen) -> Value: vxcymsnb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:
c:\WINDOWS\system32\zwpry.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\8T538xi7.exe (Trojan.Agent) -> Delete on reboot.
c:\program files\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\Cupcake\local settings\Temp\dnea.tmp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\Cupcake\local settings\Temp\dne38.tmp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\Derek\local settings\Temp\dne58.tmp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\Derek\local settings\Temp\dnec.tmp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\Temp\dned.tmp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\User\local settings\Temp\dnea.tmp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jdezx.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jeaw.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ogiq.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xfzxc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\Derek\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb-down.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt-disable.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt-down.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-off-l.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-off-r.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-l.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-r.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-l.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-r.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-left.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-mdl.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-right.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-left.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-mdl.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-right.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\throbber.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\Thumbs.db (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\vid-bg.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\youtube.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery-1.3.2.min.js (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery.autocomplete.min.js (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\main.html (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css\dialog.css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\bg.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-search.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\default.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\Thumbs.db (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\transparent.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data\dynamicelements\vmntoolbar.xsl (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data\rss\rss.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data\search\engines.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data\search\search.xsl (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\data\weather\icons.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\634017460871087500_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\about.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\babylon_logo.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\bing_16x16.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\blank_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\bluelite.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\bluesky.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\btn-search-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\btn-search.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\btn-settings.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\btn_settings.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\ca.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\checkmytext_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\checkmytext_png_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\dictionary.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\dictionary_png_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\divider.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\downloadcom.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\dtxlogo.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\email.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\email_on.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\eteacher_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\facebook.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\feed_icon2_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\feed_icon_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\france_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\games.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\gamesicon_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\games_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\grey.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\images.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\italy_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\logo.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\mail.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\modify.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\music.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\networkicons_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\dictionary_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\shopping.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\news.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\orange.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\search-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\search.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\settings.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\skin.xml (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\spain_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\technorati.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\translate.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\truste_about.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\tvicons_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\tv_icon3_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\usa_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\web.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\youtube.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics\folder.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png

All 17 Replies

Why wasn't everything found by the MBA-M scan removed? Many items show as Not selected for removal. In fact I would say more than half of the items found were not removed. So the computer is still severely infected. ALL items found by MBA-M should be removed, not just part of them. The log clearly shows that the Folders Infected: 70, Files Infected: 641 and Memory Modules Infected: 2 found were NOT removed. There were also several registry entries not fixed.

So MBA-M was not given the chance to remove everything found. You will need to Update it again and run another full scan. This time be 100% sure that you have it remove everything found and Reboot the computer.

You have posted this MBA-M log twice and not posted the GMER log.

To fix the Hosts file do the following from mvps.org:
Download: hosts.zip [right-click - Select: Save Target As] [Updated December-04-2010]

This download includes a simple batch file (mvps.bat) that will rename the existing HOSTS file to HOSTS.MVP then copy the included updated HOSTS file to the proper location. For more information please see the readme.txt included in the download.
When you run the (mvps.bat) batch file XP users may see a prompt, simply click Run and continue. Once updated you should see another prompt that the task was completed. Some users may see a pop-up from certain Security programs about changes to the HOSTS file. Allow the change ... however if you see this pop-up at any other time ... investigate.

Do the hosts fix. Redo MBA-M and post back with that log. We do need to see the GMER log also.
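The check made by eye in the reply above (how many detections were actually removed) can be scripted. This is an added example, not part of the original thread: a Python parser for the MBAM 1.x log layout seen in the logs posted here, which tallies outcomes per detection and flags sections whose detail lines do not add up to the declared count, as happens when a pasted log is cut off. The sample log is constructed from lines in the format posted in this thread, and the status labels (`remediated`, `skipped`, `review`) are names chosen for this example.

```python
import re
from collections import Counter

# "Files Infected: 641" (summary, with count) or "Files Infected:" (section start)
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d*)\s*$")
# "<object> (<detection>) -> [<pid or Value: x> ->] <action>."
# The greedy object group keeps paths that themselves contain parentheses intact.
DETAIL = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")

# Constructed sample in the log format posted in this thread (not a real scan).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Memory Processes Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
c:\WINDOWS\system32\zwpry.exe (Spyware.Passwords) -> 2908 -> Unloaded process successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\whitesmoketoolbar (PUP.WhiteSmoke) -> Not selected for removal.

Files Infected:
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png (PUP.WhiteSmoke) -> Not selected for removal.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png
"""


def classify(action):
    """Map the trailing action text to a triage status (labels are this example's own)."""
    a = action.strip().rstrip(".").lower()
    if a.endswith("successfully"):
        return "remediated"
    if a == "not selected for removal":
        return "skipped"
    return "review"  # any action text not seen in the thread's logs


def parse_mbam_log(text):
    """Return (declared counts, parsed findings, truncated lines)."""
    declared, findings, truncated = {}, [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            if m.group("count"):  # summary line with a number
                declared[m.group("name")] = int(m.group("count"))
                section = None
            else:  # start of a detail section
                section = m.group("name")
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        d = DETAIL.match(line)
        if d is None:  # inside a section but no "(detection) -> action"
            truncated.append((section, line))
            continue
        action = d.group("rest").split(" -> ")[-1]
        findings.append({
            "section": section,
            "object": d.group("obj"),
            "detection": d.group("det"),
            "action": action,
            "status": classify(action),
        })
    return declared, findings, truncated


def triage(text):
    """Summarise what the scan left behind and where the log is incomplete."""
    declared, findings, truncated = parse_mbam_log(text)
    parsed = Counter(f["section"] for f in findings)
    return {
        "by_status": dict(Counter(f["status"] for f in findings)),
        "outstanding": [f for f in findings if f["status"] != "remediated"],
        # section -> (declared in summary, complete detail lines actually present)
        "mismatches": {s: (n, parsed.get(s, 0))
                       for s, n in declared.items() if parsed.get(s, 0) != n},
        "truncated": truncated,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("status counts:", report["by_status"])
    for f in report["outstanding"]:
        print("NOT REMOVED:", f["detection"], f["object"])
    for section, (want, got) in report["mismatches"].items():
        print(f"{section}: summary says {want}, log lists {got} (log cut off?)")
```

A non-empty `outstanding` list means the scan needs to be rerun with every item selected; a non-empty `mismatches` or `truncated` result means the pasted log is incomplete and should be reposted in full.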

Sorry about the MBA-M log. I posted the wrong one.

original MBA-M log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5481

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/7/2011 8:46:00 PM
mbam-log-2011-01-07 (20-46-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 181894
Time elapsed: 21 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 70
Files Infected: 625

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\whitesmoketoolbar\chrome\data\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\options (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\searchbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\components (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\Cupcake\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\whitesmoketoolbar\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\User\application data\whitesmoketoolbar\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\whitesmoketoolbar\chrome\skin\france_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\games.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\gamesicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\games_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\grey.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\images.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\italy_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\mail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\music.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\networkicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\news.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\orange.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\shopping.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\skin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\spain_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\technorati.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\translate_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\truste_about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tvicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\tv_icon3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\usa_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\vmn.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\web.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\zoom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics\folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingmid.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\pr

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire 10 minutes after you click it, so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop.
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.
• Then post back here with that log and a new scan log from HiJackThis.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Thank you for helping me with my friend's computer issue.
Here are the logs requested.

CF log:

ComboFix 11-01-08.03 - User 01/08/2011 20:41:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.307 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\boost_interprocess\20101226104111.375000
c:\documents and settings\All Users\Application Data\boost_interprocess\20101226104111.375000\GoogleImpl
c:\documents and settings\Cupcake\delme.bat
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}\chrome.manifest
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}\chrome\content\_cfg.js
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}\chrome\content\overlay.xul
c:\documents and settings\Cupcake\Local Settings\Application Data\{363D98C2-C60F-4AB3-8135-31E2352EF712}\install.rdf
c:\documents and settings\Derek\Application Data\99A50BF239FF362459D44189CE7D5C48
c:\documents and settings\Derek\Application Data\99A50BF239FF362459D44189CE7D5C48\enemies-names.txt
c:\documents and settings\Derek\Application Data\99A50BF239FF362459D44189CE7D5C48\local.ini
c:\documents and settings\Derek\delme.bat
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}\chrome.manifest
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}\chrome\content\_cfg.js
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}\chrome\content\overlay.xul
c:\documents and settings\Derek\Local Settings\Application Data\{BBBE0341-F1C0-4CA1-91F3-02518F91667A}\install.rdf
c:\documents and settings\User\delme.bat
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\umiqawic.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-08 01:14 . 2011-01-08 01:15 -------- d-----w- c:\documents and settings\Administrator
2011-01-07 11:52 . 2011-01-07 11:52 -------- d-----w- C:\7ff6eab5b08bc0010200a76999412d2d
2011-01-07 11:35 . 2011-01-07 11:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2011-01-06 20:45 . 2011-01-06 20:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-01-06 19:00 . 2011-01-06 19:00 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-01-06 19:00 . 2011-01-06 19:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-01-06 17:30 . 2011-01-06 17:30 -------- d-----w- c:\documents and settings\Cupcake\Application Data\Malwarebytes
2011-01-06 16:52 . 2011-01-06 16:52 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-06 16:51 . 2008-04-14 10:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-06 16:51 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-06 16:51 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-01-06 16:51 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-06 16:51 . 2008-04-14 05:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-01-06 16:51 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-06 16:45 . 2011-01-06 16:45 -------- d-----w- C:\found.001
2010-12-29 21:05 . 2010-12-29 21:05 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-12-29 21:03 . 2011-01-06 17:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-12-29 21:03 . 2010-12-29 21:03 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-12-22 03:21 . 2010-12-26 15:42 530 ----a-w- c:\documents and settings\User\Application Data\net.vbs
2010-12-22 03:21 . 2010-12-26 15:42 1018 ----a-w- c:\documents and settings\User\Application Data\net.bat
2010-12-22 03:21 . 2010-12-22 03:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\{3BD231CB-2DAD-416D-8227-BFAAC95248C6}
2010-12-22 02:25 . 2010-12-22 02:25 -------- d-----w- C:\$AVG
2010-12-22 01:57 . 2010-12-22 01:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-22 01:26 . 2010-12-22 01:28 826 ----a-w- c:\documents and settings\Cupcake\Application Data\net.bat
2010-12-22 01:26 . 2010-12-22 01:28 533 ----a-w- c:\documents and settings\Cupcake\Application Data\net.vbs
2010-12-21 23:10 . 2010-12-21 23:10 3022 ----a-w- c:\documents and settings\Derek\Application Data\zEKRY.exe
2010-12-21 20:43 . 2011-01-09 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2010-12-21 20:40 . 2010-12-22 02:23 810 ----a-w- c:\documents and settings\Derek\Application Data\net.bat
2010-12-21 20:40 . 2010-12-22 02:23 531 ----a-w- c:\documents and settings\Derek\Application Data\net.vbs
2010-12-21 20:40 . 2010-12-21 20:40 3022 ----a-w- c:\documents and settings\Derek\Application Data\dcwb4.exe
2010-12-21 20:37 . 2010-12-26 15:45 0 ----a-w- c:\windows\Ucebamomigo.bin
2010-12-20 12:04 . 2010-12-20 12:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-12-20 12:04 . 2010-12-20 12:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-20 11:50 . 2010-12-20 11:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-20 07:44 . 2010-12-20 07:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-08-26 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-26 21:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2010-08-26 20:16 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\qttask       .exe
c:\program files\uTorrent\uTorrent .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"506E7F4A_ 0"="c:\documents and settings\User\Application Data\wt7cw .exe" [N/A]
"Google Updater"="c:\documents and settings\User\Application Data\GoogleUpdater.exe.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-09 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-09 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-09 137752]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"Bvafifafa"="c:\windows\etohibew.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-28 232912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/26/2010 3:51 PM 1691480]
.
Contents of the 'Scheduled Tasks' folder

2011-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1b0sxjj7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8074
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {3BD231CB-2DAD-416D-8227-BFAAC95248C6} - c:\documents and settings\User\Local Settings\Application Data\{3BD231CB-2DAD-416D-8227-BFAAC95248C6}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - avgrsstx.dll
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-08 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160815AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8236A555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x823707b0]; MOV EAX, [0x8237082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x823CE030]
3 CLASSPNP[0xF84B4FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000005f[0x823D2378]
5 ACPI[0xF834B620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x823D2030]
\Driver\atapi[0x82384928] -> IRP_MJ_CREATE -> 0x8236A555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskST3160815AS_____________________________3.AAD___#5&19a7071e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8236A39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,36,45,cc,29,b8,2d,4c,bc,8b,4c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,36,45,cc,29,b8,2d,4c,bc,8b,4c,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1624)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-01-08 21:02:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-09 02:02

Pre-Run: 150,086,856,704 bytes free
Post-Run: 150,695,288,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8722BA631EBB5F375DBA9D7EB37C1B25


HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:08:33 PM, on 1/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bvafifafa] rundll32.exe "C:\WINDOWS\etohibew.dll",Startup
O4 - HKCU\..\Run: [506E7F4A_ 0] C:\Documents and Settings\User\Application Data\wt7cw .exe
O4 - HKCU\..\Run: [Google Updater] C:\Documents and Settings\User\Application Data\GoogleUpdater.exe.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4236 bytes

Thanks!!!!!!

Having crunchie take a look at this. One of us will post back with further instructions.
Judy

1. Please open Notepad:
Click Start, then Run.
Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

File::
c:\windows\etohibew.dll

RENV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\qttask .exe
c:\program files\uTorrent\uTorrent .exe
c:\windows\system32\rundll32 .exe

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bvafifafa"=-


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

====================================

Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

TDSSKiller log:

2011/01/09 06:24:34.0859 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/09 06:24:34.0859 ================================================================================
2011/01/09 06:24:34.0859 SystemInfo:
2011/01/09 06:24:34.0859
2011/01/09 06:24:34.0859 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/09 06:24:34.0859 Product type: Workstation
2011/01/09 06:24:34.0859 ComputerName: USER-ABFF97FEFA
2011/01/09 06:24:34.0859 UserName: User
2011/01/09 06:24:34.0859 Windows directory: C:\WINDOWS
2011/01/09 06:24:34.0859 System windows directory: C:\WINDOWS
2011/01/09 06:24:34.0859 Processor architecture: Intel x86
2011/01/09 06:24:34.0859 Number of processors: 2
2011/01/09 06:24:34.0859 Page size: 0x1000
2011/01/09 06:24:34.0859 Boot type: Normal boot
2011/01/09 06:24:34.0859 ================================================================================
2011/01/09 06:24:34.0984 Initialize success
2011/01/09 06:24:39.0671 ================================================================================
2011/01/09 06:24:39.0671 Scan started
2011/01/09 06:24:39.0671 Mode: Manual;
2011/01/09 06:24:39.0671 ================================================================================
2011/01/09 06:24:51.0218 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/09 06:24:51.0328 ================================================================================
2011/01/09 06:24:51.0328 Scan finished
2011/01/09 06:24:51.0328 ================================================================================
2011/01/09 06:24:51.0343 Detected object count: 1
2011/01/09 06:24:58.0187 \HardDisk0 - will be cured after reboot
2011/01/09 06:24:58.0187 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/09 06:25:29.0546 Deinitialize success


Combofix.txt report log:
Please note that while running this it asked me if I wanted to update ComboFix to a new release version... I clicked "no". I do not know if this was right or not.


ComboFix 11-01-08.03 - User 01/09/2011 6:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.320 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\etohibew.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Local Settings\Application Data\{3BD231CB-2DAD-416D-8227-BFAAC95248C6}
c:\documents and settings\User\Local Settings\Application Data\{3BD231CB-2DAD-416D-8227-BFAAC95248C6}\chrome.manifest
c:\documents and settings\User\Local Settings\Application Data\{3BD231CB-2DAD-416D-8227-BFAAC95248C6}\chrome\content\_cfg.js
c:\documents and settings\User\Local Settings\Application Data\{3BD231CB-2DAD-416D-8227-BFAAC95248C6}\chrome\content\overlay.xul
c:\documents and settings\User\Local Settings\Application Data\{3BD231CB-2DAD-416D-8227-BFAAC95248C6}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 02:08 . 2011-01-09 02:08 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-09 02:08 . 2011-01-09 02:08 -------- d-----w- c:\program files\Trend Micro
2011-01-08 01:14 . 2011-01-08 01:15 -------- d-----w- c:\documents and settings\Administrator
2011-01-07 11:52 . 2011-01-07 11:52 -------- d-----w- C:\7ff6eab5b08bc0010200a76999412d2d
2011-01-07 11:35 . 2011-01-07 11:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2011-01-06 20:45 . 2011-01-06 20:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-01-06 19:00 . 2011-01-06 19:00 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-01-06 19:00 . 2011-01-06 19:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-01-06 17:30 . 2011-01-06 17:30 -------- d-----w- c:\documents and settings\Cupcake\Application Data\Malwarebytes
2011-01-06 16:52 . 2011-01-06 16:52 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-06 16:51 . 2008-04-14 10:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-06 16:51 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-06 16:51 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-01-06 16:51 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-06 16:51 . 2008-04-14 05:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-01-06 16:51 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-06 16:45 . 2011-01-06 16:45 -------- d-----w- C:\found.001
2010-12-29 21:05 . 2010-12-29 21:05 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-12-29 21:03 . 2011-01-06 17:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-12-29 21:03 . 2010-12-29 21:03 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-12-22 03:21 . 2010-12-26 15:42 530 ----a-w- c:\documents and settings\User\Application Data\net.vbs
2010-12-22 03:21 . 2010-12-26 15:42 1018 ----a-w- c:\documents and settings\User\Application Data\net.bat
2010-12-22 02:25 . 2010-12-22 02:25 -------- d-----w- C:\$AVG
2010-12-22 01:57 . 2010-12-22 01:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-22 01:26 . 2010-12-22 01:28 826 ----a-w- c:\documents and settings\Cupcake\Application Data\net.bat
2010-12-22 01:26 . 2010-12-22 01:28 533 ----a-w- c:\documents and settings\Cupcake\Application Data\net.vbs
2010-12-21 23:10 . 2010-12-21 23:10 3022 ----a-w- c:\documents and settings\Derek\Application Data\zEKRY.exe
2010-12-21 20:43 . 2011-01-09 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2010-12-21 20:40 . 2010-12-22 02:23 810 ----a-w- c:\documents and settings\Derek\Application Data\net.bat
2010-12-21 20:40 . 2010-12-22 02:23 531 ----a-w- c:\documents and settings\Derek\Application Data\net.vbs
2010-12-21 20:40 . 2010-12-21 20:40 3022 ----a-w- c:\documents and settings\Derek\Application Data\dcwb4.exe
2010-12-21 20:37 . 2010-12-26 15:45 0 ----a-w- c:\windows\Ucebamomigo.bin
2010-12-20 12:04 . 2010-12-20 12:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-12-20 12:04 . 2010-12-20 12:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-20 11:50 . 2010-12-20 11:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-20 07:44 . 2010-12-20 07:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-08-26 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-26 21:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2010-08-26 20:16 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-09_01.57.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-09 11:16 . 2011-01-09 11:16 16384 c:\windows\temp\Perflib_Perfdata_6b0.dat
+ 2011-01-09 02:08 . 2011-01-09 02:08 1094656 c:\windows\Installer\f4168.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-09 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-09 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-09 137752]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-28 232912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/26/2010 3:51 PM 1691480]
.
Contents of the 'Scheduled Tasks' folder

2011-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1b0sxjj7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8074
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-506E7F4A_ 0 - c:\documents and settings\User\Application Data\wt7cw .exe
HKCU-Run-Google Updater - c:\documents and settings\User\Application Data\GoogleUpdater.exe.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160815AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskST3160815AS_____________________________3.AAD___#5&19a7071e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8236239B
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,36,45,cc,29,b8,2d,4c,bc,8b,4c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,36,45,cc,29,b8,2d,4c,bc,8b,4c,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-09 06:20:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-09 11:20
ComboFix2.txt 2011-01-09 02:02

Pre-Run: 150,584,037,376 bytes free
Post-Run: 150,655,873,024 bytes free

- - End Of File - - 6C1202258C78BCFE72A883DB08902022

Ok. Delete the version of ComboFix you have and download the latest.
Run the following when done:

1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif


7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Again, thanks for the assistance!!

Combofix.txt log:


ComboFix 11-01-08.05 - User 01/09/2011 10:40:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.273 [GMT -5:00]
Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 02:08 . 2011-01-09 02:08 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-09 02:08 . 2011-01-09 02:08 -------- d-----w- c:\program files\Trend Micro
2011-01-08 01:14 . 2011-01-08 01:15 -------- d-----w- c:\documents and settings\Administrator
2011-01-07 11:52 . 2011-01-07 11:52 -------- d-----w- C:\7ff6eab5b08bc0010200a76999412d2d
2011-01-07 11:35 . 2011-01-07 11:35 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2011-01-06 20:45 . 2011-01-06 20:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-01-06 19:00 . 2011-01-06 19:00 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-01-06 19:00 . 2011-01-06 19:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-01-06 17:30 . 2011-01-06 17:30 -------- d-----w- c:\documents and settings\Cupcake\Application Data\Malwarebytes
2011-01-06 16:52 . 2011-01-06 16:52 -------- d-----w- c:\windows\system32\%APPDATA%
2011-01-06 16:51 . 2008-04-14 10:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-06 16:51 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-06 16:51 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-01-06 16:51 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-06 16:51 . 2008-04-14 05:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-01-06 16:51 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-01-06 16:45 . 2011-01-06 16:45 -------- d-----w- C:\found.001
2010-12-29 21:05 . 2010-12-29 21:05 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-12-29 21:03 . 2011-01-06 17:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-12-29 21:03 . 2010-12-29 21:03 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-12-22 03:21 . 2010-12-26 15:42 530 ----a-w- c:\documents and settings\User\Application Data\net.vbs
2010-12-22 03:21 . 2010-12-26 15:42 1018 ----a-w- c:\documents and settings\User\Application Data\net.bat
2010-12-22 02:25 . 2010-12-22 02:25 -------- d-----w- C:\$AVG
2010-12-22 01:57 . 2010-12-22 01:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-12-22 01:26 . 2010-12-22 01:28 826 ----a-w- c:\documents and settings\Cupcake\Application Data\net.bat
2010-12-22 01:26 . 2010-12-22 01:28 533 ----a-w- c:\documents and settings\Cupcake\Application Data\net.vbs
2010-12-21 23:10 . 2010-12-21 23:10 3022 ----a-w- c:\documents and settings\Derek\Application Data\zEKRY.exe
2010-12-21 20:43 . 2011-01-09 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2010-12-21 20:40 . 2010-12-22 02:23 810 ----a-w- c:\documents and settings\Derek\Application Data\net.bat
2010-12-21 20:40 . 2010-12-22 02:23 531 ----a-w- c:\documents and settings\Derek\Application Data\net.vbs
2010-12-21 20:40 . 2010-12-21 20:40 3022 ----a-w- c:\documents and settings\Derek\Application Data\dcwb4.exe
2010-12-21 20:37 . 2010-12-26 15:45 0 ----a-w- c:\windows\Ucebamomigo.bin
2010-12-20 12:04 . 2010-12-20 12:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-12-20 12:04 . 2010-12-20 12:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-20 11:50 . 2010-12-20 11:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-20 07:44 . 2010-12-20 07:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-08-26 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-08-26 21:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2010-08-26 20:16 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-09_01.57.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-09 15:44 . 2011-01-09 15:44 16384 c:\windows\temp\Perflib_Perfdata_64c.dat
+ 2011-01-09 02:08 . 2011-01-09 02:08 1094656 c:\windows\Installer\f4168.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-09 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-09 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-09 137752]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-28 232912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/26/2010 3:51 PM 1691480]
.
Contents of the 'Scheduled Tasks' folder

2011-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\1b0sxjj7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8074
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 10:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-09 10:46:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-09 15:46
ComboFix2.txt 2011-01-09 11:20
ComboFix3.txt 2011-01-09 02:02

Pre-Run: 150,677,442,560 bytes free
Post-Run: 150,672,093,184 bytes free

- - End Of File - - 8DEADC9F5011043D216C6B3EED74C3D4

Update MBA-M and run a new Full Scan with it. Have it remove everything found. Reboot.
Post back with that log.

Here is the latest MBA-M Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5489

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/9/2011 2:53:04 PM
mbam-log-2011-01-09 (14-53-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 183042
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Clean log!!!!! The computer is much snappier now. I am going to put in Microsoft Security Essentials when you give me the thumbs up to go ahead... thanks for the help

Thanks for the link to remove AVG... that was a toughie. Here is the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:32:30 PM, on 1/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4255 bytes

Run HJT again, place check marks next to the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -update activex (User 'Default user')

Once you have placed the check marks then click the Fix checked button. Exit HJT and reboot the computer.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

Removed items with HJT. WOW, computer running great as compared to before. Can we call this one solved??

Thanks for the help!!

Couple more things here, Java is definitely out of date and should be updated.

http://www.java.com/en/download/index.jsp

After that I would also recommend you add SpywareBlaster. A superb FREE malicious software blocker focusing on ActiveX-based attacks.

From Javacool Software:
SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

Download, install, update and enable all protection. Then close the program. Have your friend check for updates every couple of weeks. When an update is available, it should be installed and all protection enabled.

http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

I will update Java and add SpywareBlaster. Thanks for the help!!!!!!
