
System Crashes, Google Redirects, White Smoke Translator installed on my desktop...

Discussion in 'Virus & Other Malware Removal' started by SCA2014, Jan 17, 2011.

  1. SCA2014

    Hi!

    I recently allowed an unknown .exe file to run on my computer and have since had all of the above problems. My system has crashed repeatedly with a blue screen of death which said something about a driver error (it was always too quick for me to read, but if it happens again I will post a picture of it). Also, all of my Google search result links redirect to another website. Finally, the last straw, a program called White Smoke Translator appeared on my desktop one morning. I uninstalled it, but a couple of the files cannot be removed. I am running Windows 7 (64-bit) on an HP laptop.

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:31:46 AM, on 1/17/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\AGB\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/homepage.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll (file missing)
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\AGB\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://125.206.34.117/cgi-bin/kxhcm10.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://ots.bne.jp/JpegInst.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
    O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
    O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\Windows\SysWOW64\r_server.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 15122 bytes

    DDS log


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by AGB at 11:41:24.28 on Mon 01/17/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1676 [GMT -8:00]
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxcrcoms.exe
    C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
    C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\SysWOW64\r_server.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Whitesmoke Translator\WSTrayDictMode.exe
    C:\Program Files (x86)\Whitesmoke Translator\WhiteSmokeDictRegistration.exe
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\AGB\Desktop\HijackThis.exe
    C:\Windows\system32\sppsvc.exe
    C:\Users\AGB\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\AGB\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = file:///C:/homepage.htm
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
    TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [Google Update] "C:\Users\AGB\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"
    mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACROBA~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    uPolicies-system: WallpaperStyle = 2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://125.206.34.117/cgi-bin/kxhcm10.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://ots.bne.jp/JpegInst.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    mRun-x64: [lxcrmon.exe] "C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe"
    mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe"
    mRun-x64: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry
    mRun-x64: [MacDrive 8 application] "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
    mRun-x64: [Getting started with MacDrive 8] "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    ================= FIREFOX ===================
    FF - ProfilePath - C:\Users\AGB\AppData\Roaming\Mozilla\Firefox\Profiles\wc42349n.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uuu.gillenburch.com
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\AGB\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\AGB\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\AGB\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: [email protected] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    ============= SERVICES / DRIVERS ===============
    R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2010-2-4 304232]
    R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2010-4-2 32352]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-4 55280]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-11-28 121936]
    R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2010-4-2 70344]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-10-11 89600]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-11-28 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-11-28 61008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-16 40384]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
    R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]
    R2 r_server;Remote Administrator Service;C:\Windows\SysWOW64\r_server.exe [2010-1-1 724992]
    R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-16 40384]
    R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-16 40384]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-16 227896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-11 215040]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-11 36408]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-3 136176]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\System32\drivers\MarvinAVS64.sys [2010-4-10 484736]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-11 216576]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    =============== Created Last 30 ================
    2011-01-16 02:53:49 -------- d-----w- C:\Program Files (x86)\Whitesmoke Translator
    2011-01-14 20:02:47 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{8C2CF96E-A2F1-4A28-B907-246B39332C78}\mpengine.dll
    2011-01-05 21:22:39 33792 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\cl31cpc.dll
    ==================== Find3M ====================
    2010-11-13 00:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
    2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2010-10-27 19:28:46 11320 ----a-w- C:\Windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    ============= FINISH: 11:42:59.76 ===============



    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-17 12:06:57
    Windows 6.1.7600
    Running: p2orfy6r.exe

    ---- Files - GMER 1.0.15 ----
    File C:\Users\AGB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FT3OJURO\bind[1].htm 0 bytes
    ---- EOF - GMER 1.0.15 ----





    Thank you so much for helping me!!
     


  2. SCA2014

    SCA2014 Thread Starter

    Joined:
    Jan 17, 2011
    Messages:
    6
    Still having all the above problems...my laptop has trouble booting on occasion.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    step 1
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds & then reboot

    post back with its log

    step 2
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  4. SCA2014

    SCA2014 Thread Starter

    Joined:
    Jan 17, 2011
    Messages:
    6
    Thank you so much for helping me!

    Here is the TDS Killer log:

    2011/01/24 18:47:45.0931 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/24 18:47:45.0931 ================================================================================
    2011/01/24 18:47:45.0931 SystemInfo:
    2011/01/24 18:47:45.0932
    2011/01/24 18:47:45.0932 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/24 18:47:45.0932 Product type: Workstation
    2011/01/24 18:47:45.0932 ComputerName: GILLEN
    2011/01/24 18:47:45.0932 UserName: AGB
    2011/01/24 18:47:45.0932 Windows directory: C:\Windows
    2011/01/24 18:47:45.0932 System windows directory: C:\Windows
    2011/01/24 18:47:45.0932 Running under WOW64
    2011/01/24 18:47:45.0932 Processor architecture: Intel x64
    2011/01/24 18:47:45.0933 Number of processors: 1
    2011/01/24 18:47:45.0933 Page size: 0x1000
    2011/01/24 18:47:45.0934 Boot type: Normal boot
    2011/01/24 18:47:45.0934 ================================================================================
    2011/01/24 18:47:46.0576 Initialize success
    2011/01/24 18:47:51.0728 ================================================================================
    2011/01/24 18:47:51.0728 Scan started
    2011/01/24 18:47:51.0728 Mode: Manual;
    2011/01/24 18:47:51.0728 ================================================================================
    2011/01/24 18:48:11.0236 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/01/24 18:48:11.0336 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/01/24 18:48:11.0458 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/01/24 18:48:11.0570 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/01/24 18:48:11.0671 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/01/24 18:48:11.0772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/01/24 18:48:11.0844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/01/24 18:48:11.0934 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/01/24 18:48:12.0016 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/01/24 18:48:12.0128 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/01/24 18:48:12.0220 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/01/24 18:48:12.0299 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/01/24 18:48:12.0374 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/01/24 18:48:12.0441 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/01/24 18:48:12.0550 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/01/24 18:48:12.0626 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/01/24 18:48:12.0705 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/01/24 18:48:12.0796 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/01/24 18:48:12.0930 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/01/24 18:48:13.0030 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
    2011/01/24 18:48:13.0102 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/01/24 18:48:13.0234 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/01/24 18:48:13.0316 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/01/24 18:48:13.0388 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/01/24 18:48:13.0470 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/01/24 18:48:13.0572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/01/24 18:48:13.0632 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/01/24 18:48:13.0682 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/01/24 18:48:13.0804 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/01/24 18:48:13.0854 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/01/24 18:48:13.0894 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/01/24 18:48:13.0946 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/01/24 18:48:14.0038 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/01/24 18:48:14.0102 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/01/24 18:48:14.0170 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/01/24 18:48:14.0272 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/01/24 18:48:14.0404 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2011/01/24 18:48:14.0496 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2011/01/24 18:48:14.0578 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    2011/01/24 18:48:14.0680 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    2011/01/24 18:48:14.0762 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    2011/01/24 18:48:14.0844 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/01/24 18:48:14.0966 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
    2011/01/24 18:48:15.0076 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/01/24 18:48:15.0196 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
    2011/01/24 18:48:15.0298 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/01/24 18:48:15.0470 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/01/24 18:48:15.0702 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2011/01/24 18:48:15.0854 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/01/24 18:48:15.0997 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/01/24 18:48:16.0088 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/01/24 18:48:16.0141 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/01/24 18:48:16.0208 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/01/24 18:48:16.0280 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/01/24 18:48:16.0422 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/01/24 18:48:16.0502 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/01/24 18:48:16.0564 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/01/24 18:48:16.0644 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2011/01/24 18:48:16.0736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/01/24 18:48:16.0807 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/01/24 18:48:16.0858 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/01/24 18:48:16.0970 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2011/01/24 18:48:17.0040 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/01/24 18:48:17.0202 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/01/24 18:48:17.0252 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/01/24 18:48:17.0324 usbfilter (44d9c773febff10593b50ddfc2d6bc27) C:\Windows\system32\DRIVERS\usbfilter.sys
    2011/01/24 18:48:17.0426 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/01/24 18:48:17.0508 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/01/24 18:48:17.0600 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/01/24 18:48:17.0712 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/01/24 18:48:17.0794 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/01/24 18:48:17.0873 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/01/24 18:48:17.0976 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    2011/01/24 18:48:18.0098 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/01/24 18:48:18.0218 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/01/24 18:48:18.0287 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/01/24 18:48:18.0369 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/01/24 18:48:18.0444 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/01/24 18:48:18.0526 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/01/24 18:48:18.0608 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/01/24 18:48:18.0710 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/01/24 18:48:18.0802 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/01/24 18:48:18.0887 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/01/24 18:48:18.0972 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/01/24 18:48:19.0054 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/01/24 18:48:19.0156 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/01/24 18:48:19.0256 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/24 18:48:19.0306 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/24 18:48:19.0450 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/01/24 18:48:19.0552 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    2011/01/24 18:48:19.0624 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/01/24 18:48:19.0818 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/01/24 18:48:19.0868 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/01/24 18:48:20.0050 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/01/24 18:48:20.0152 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/01/24 18:48:20.0274 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/01/24 18:48:20.0377 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/01/24 18:48:20.0446 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/01/24 18:48:20.0548 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    2011/01/24 18:48:20.0678 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/24 18:48:20.0687 ================================================================================
    2011/01/24 18:48:20.0688 Scan finished
    2011/01/24 18:48:20.0688 ================================================================================
    2011/01/24 18:48:20.0721 Detected object count: 1
    2011/01/24 18:48:41.0806 \HardDisk0 - will be cured after reboot
    2011/01/24 18:48:41.0806 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/24 18:48:56.0140 Deinitialize success

    Here is the ComboFix log:

    ComboFix 11-01-24.01 - AGB 01/24/2011 19:02:46.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1783 [GMT -8:00]
    Running from: c:\users\AGB\Desktop\username123.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
    c:\program files (x86)\WhiteSmoke Translator
    c:\program files (x86)\WhiteSmoke Translator\buy.ico
    c:\program files (x86)\WhiteSmoke Translator\ComVistaElevator.dll
    c:\program files (x86)\WhiteSmoke Translator\Dictionary48x48.ico
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\iepngfix\blank.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\iepngfix\checkerboard.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\iepngfix\helix.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\iepngfix\iepngfix.htc
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\iepngfix\iepngfix.html
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\iepngfix\opacity.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\js\common.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\js\pngfix.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\js\prototype.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\common\js\xmlhttp.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\ajax-loader.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\bottom_bg.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\bottom_left_corner.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\corner_bottom_left.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\corner_bottom_right.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\corner_top_left.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\corner_top_right.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\down_arrow.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\empty.jpg
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\input_bg.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\left_input.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\loading_dictionary.swf
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\resize.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\right_input.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Background\search_strip_bg3.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\dictionary_disabled.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\dictionary_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\dictionary_press.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\dictionary_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\down_arrow.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\go_disabled.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\go_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\go_press.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\go_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\idioms_disabled.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\idioms_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\idioms_press.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\idioms_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\thesaurus_disabled.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\thesaurus_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\thesaurus_press.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\thesaurus_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translate_normal.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translate_pressed.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translate_rollover.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translation_disabled.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translation_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translation_press.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons\translation_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_close_down.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_close_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_close_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_max_down.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_max_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_max_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_min_down.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_min_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_bar_min_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_dictionary_off.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_dictionary_press.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_dictionary_roll_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_strip.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_strip_right_corner.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_strip_right_corner.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_translation_off.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_translation_press.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\caption_translation_roll_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar\logo.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_bg.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_bg_bottom.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_bg_top.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_captionbar_press.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\popup\screen_captionbar_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\img\spacer.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\index.html
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\js\common.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\js\Contextmenu.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\js\dictInterface.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\js\jquery.combobox.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\js\jquery.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\js\prototype.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\js\xmlhttp.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\style\combobox.css
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\style\Contextmenu.css
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientDic\style\dictionary.css
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\body_bg.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_down.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\caption_bar_close_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\caption_strip.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar\logo.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\congra.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\continue_button_click.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\continue_button_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\continue_button_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\intro.jpg
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\img\welcome.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\index.html
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\js\regInterface.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientRegistration\style\registration.css
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\attic\use_ws_bgNEW.PNG
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.jpg
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\translator-welcome-final.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\use_ws_bgNEW.jpg
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\use_ws_bgNEW.PNG
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\buy_button.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\caption_bar_close_down.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\caption_bar_close_over.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\caption_bar_close_up.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\arrow_white.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\caption_strip.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\left_bot_chunk.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\right_bot_chunk.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar\white_x_button.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\close_button.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\close_button_down.gif
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\expired_bg.png
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\js\iframeInterface.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\style\welcome.css
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\welcome_all.html
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\content\welcome_expired.html
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\index.html
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\js\welcomeInterface.js
    c:\program files (x86)\WhiteSmoke Translator\html\english\dictClientWelcome\style\welcomescreen.css
    c:\program files (x86)\WhiteSmoke Translator\license_agreement_translator.txt
    c:\program files (x86)\WhiteSmoke Translator\Microsoft.VC80.CRT.manifest
    c:\program files (x86)\WhiteSmoke Translator\msvcm80.dll
    c:\program files (x86)\WhiteSmoke Translator\msvcp80.dll
    c:\program files (x86)\WhiteSmoke Translator\msvcr80.dll
    c:\program files (x86)\WhiteSmoke Translator\osmax.ocx
    c:\program files (x86)\WhiteSmoke Translator\secman.dll
    c:\program files (x86)\WhiteSmoke Translator\settings.ini
    c:\program files (x86)\WhiteSmoke Translator\TCCons.dll
    c:\program files (x86)\WhiteSmoke Translator\WCapture.dll
    c:\program files (x86)\WhiteSmoke Translator\WCaptureX.dll
    c:\program files (x86)\WhiteSmoke Translator\WCustom.dll
    c:\program files (x86)\WhiteSmoke Translator\WhiteSmokeDictRegistration.exe
    c:\program files (x86)\WhiteSmoke Translator\WHook.dll
    c:\program files (x86)\WhiteSmoke Translator\WMonitorX.dll
    c:\program files (x86)\WhiteSmoke Translator\WSDictHookDll.dll
    c:\program files (x86)\WhiteSmoke Translator\WSLogger.exe
    c:\program files (x86)\WhiteSmoke Translator\WSTrayDictMode.exe
    c:\program files (x86)\whitesmoketoolbar
    c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\about.xml
    c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxpanel.xul
    c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxpanelwin.xul
    c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxprefwin.xul
    c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxwin.xul
    c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\emailnotifierproviders.xml
    c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\external.js
    c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\neterror.xhtml
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\reload.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\remove.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rename.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\resize-box.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rss.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\scroll-left.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\scroll-right.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\search-go.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\search.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\throbber.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\template.html
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\yahoo.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\lichen.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-about.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-over.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-separator.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\mail.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\menuseparatorback.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\modify-save.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\modify.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\modifyhot.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\music.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\namespacetoolbar.css
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\networkIcons_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\news.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-main.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-search.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-weather.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-widgets.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\orange.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\pixsy.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\protect-id.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\relatedlinks.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-collapse.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-delete.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-expand.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-feed.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder-remove.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder-rename.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-found.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-reload.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-subscribe.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss_feed_icon_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rssback.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\rsstopback.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\search-over.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\search.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\settings.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\shopping.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\siteinfo.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-bluelite.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-bluesky.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-grey.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-lichen.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-orange.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-yellow.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin.xml
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\spain_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\technorati.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\throbber.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\toolbarsplitter.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\translate.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\Translate_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\Translate_png_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\TRUSTe_about.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\TV_icon3_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\tvicon_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\tvIcons_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\usa_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\vmn.css
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\vmn.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\web.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\wikipedia.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\yahoosearch.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\yellow.gif
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\youtube.png
    c:\program files (x86)\whitesmoketoolbar\chrome\skin\zoom.png
    c:\program files (x86)\whitesmoketoolbar\components\windowmediator.js
    c:\program files (x86)\whitesmoketoolbar\manifest.xml
    c:\program files (x86)\whitesmoketoolbar\toolbar.xml
    c:\program files (x86)\whitesmoketoolbar\uninstall.exe
    c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbar.dll
    c:\program files (x86)\whitesmoketoolbar\whITesmoketoolbarx.dll
    c:\users\AGB\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite
    c:\windows\Downloaded Program Files\Install.inf
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
    .
    2011-01-25 03:13 . 2011-01-25 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-25 02:42 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-01-25 02:42 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-25 02:42 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-25 02:42 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-25 02:42 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-25 02:41 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-25 02:41 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-01-25 02:35 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3103268-F6C9-46D7-9F57-E5FCB2217E2B}\mpengine.dll
    2011-01-24 19:04 . 2011-01-25 02:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2011-01-24 18:42 . 2011-01-25 02:26 -------- d-----w- c:\programdata\PC Tools
    2011-01-24 07:42 . 2011-01-25 02:24 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-01-24 07:42 . 2011-01-25 02:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-01-24 07:27 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-21 18:32 . 2011-01-21 18:32 -------- d-----w- c:\programdata\Recovery
    2011-01-05 21:22 . 2008-09-08 15:19 33792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\cl31cpc.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-13 00:53 . 2010-04-29 07:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-04 06:35 . 2010-12-14 19:51 1194496 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 06:31 . 2010-12-14 19:50 57856 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 05:52 . 2010-12-14 19:51 978944 ----a-w- c:\windows\SysWow64\wininet.dll
    2010-11-04 05:48 . 2010-12-14 19:50 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2010-11-04 05:16 . 2010-12-14 19:50 482816 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:41 . 2010-12-14 19:50 386048 ----a-w- c:\windows\SysWow64\html.iec
    2010-11-04 04:35 . 2010-12-14 19:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 04:08 . 2010-12-14 19:50 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-11-02 05:18 . 2010-12-14 19:49 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 05:17 . 2010-12-14 19:49 1169408 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 05:17 . 2010-12-14 19:49 473600 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 05:16 . 2010-12-14 19:49 1114624 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 05:10 . 2010-12-14 19:49 464384 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 05:10 . 2010-12-14 19:49 285696 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:40 . 2010-12-14 19:49 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-11-02 04:40 . 2010-12-14 19:49 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-11-02 04:34 . 2010-12-14 19:49 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-11-02 04:34 . 2010-12-14 19:49 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2010-10-27 19:28 . 2010-10-27 19:28 11320 ----a-w- c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
    2010-10-27 05:06 . 2010-12-14 19:50 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-27 04:32 . 2010-12-14 19:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-01-02 289584]
    "Google Update"="c:\users\AGB\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-04 135664]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-23 1242448]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "EzPrint"="c:\program files (x86) (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-6-1 113664]
    Launch Whitesmoke Translator.lnk - c:\program files (x86)\Whitesmoke Translator\WSTrayDictMode.exe [N/A]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-03 136176]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS64.sys [2007-05-09 484736]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 MDFSYSNT;MacDrive file system driver; [x]
    S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2009-09-23 32352]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 aswSP;aswSP; [x]
    S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 70344]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
    S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]
    S2 r_server;Remote Administrator Service;c:\windows\SysWOW64\r_server.exe [2005-06-21 724992]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-03 17:30]
    2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-03 17:30]
    2011-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3395846911-1433732156-2876719028-1001Core.job
    - c:\users\AGB\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-04 05:30]
    2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3395846911-1433732156-2876719028-1001UA.job
    - c:\users\AGB\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-04 05:30]
    2011-01-06 c:\windows\Tasks\HPCeeScheduleForAGB.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
    .
    --------- x86-64 -----------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
    "lxcrmon.exe"="c:\program files (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
    "EzPrint"="c:\program files (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
    "LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]
    "MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 345688]
    "Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 151040]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = file:///C:/homepage.htm
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://125.206.34.117/cgi-bin/kxhcm10.ocx
    DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://ots.bne.jp/JpegInst.cab
    FF - ProfilePath - c:\users\AGB\AppData\Roaming\Mozilla\Firefox\Profiles\wc42349n.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uuu.gillenburch.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -
    Wow6432Node-HKLM-Run-lxcrmon.exe - c:\program files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe
    Wow6432Node-HKLM-Run-ThreatFire - c:\program files (x86)\ThreatFire\TFTray.exe
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,67,3e,26,6a,cf,8e,41,a1,51,ea,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,67,3e,26,6a,cf,8e,41,a1,51,ea,\
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-24 19:16:00
    ComboFix-quarantined-files.txt 2011-01-25 03:15
    Pre-Run: 32,280,788,992 bytes free
    Post-Run: 32,104,878,080 bytes free
    - - End Of File - - 65C1FBEA25A7A9414358C0BF171C5DC7



    It definitely seemed like ComboFix removed all of the White Smoke Translator files!

    However I am not entirely certain if all of my problems are solved...partially because I have never been entirely certain what all of my problems are. For example, my system occasionally crashes with a blue screen of death but I can't tell what is causing it, and it happens randomly enough that it's hard to tell if the problem has been solved. Also my laptop hangs on the black Windows screen while booting up (in safe mode it hangs between loading "hal.dll" and "kdcom.dll"). Both of these problems have only occurred since I opened and ran the fateful ".exe" file two weeks ago.

    Is there another test I can run to double check that there are no residual problems?


    Thanks again for all your help!
    Gillen
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Please download Malwarebytes' Anti-Malware to your desktop
    from HERE or HERE

    Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

    Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

    If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
    Once the program has loaded, select Perform quick scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad.
    Please include this log in your next reply.

    It might ask you to reboot to finish cleaning. Please do so. (Press YES on the alert.)
    If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it continues on every boot.
     
  6. SCA2014

    SCA2014 Thread Starter

    Joined:
    Jan 17, 2011
    Messages:
    6
    Thanks again for your help!

    I did just as you asked, and the program found several "PUP.WhiteSmoke" files which it removed without any problem. Can you describe to me what the exact nature of a "WhiteSmoke" infection is? Could it cause a driver error on my computer which would cause it to crash to a blue screen on start up?

    I really appreciate your dedication and speedy replies!

    Here is the log from Malwarebytes Anti-Malware:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5607
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    1/25/2011 11:11:05 PM
    mbam-log-2011-01-25 (23-11-05).txt
    Scan type: Quick scan
    Objects scanned: 164871
    Time elapsed: 4 minute(s), 3 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 17
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    Files Infected:
    c:\programdata\microsoft\Windows\start menu\Programs\Startup\launch whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\registration.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\uninstall.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\0x0409.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\config.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data1.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data1.hdr (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data2.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\ISSetup.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\layout.bin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.inx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.iss (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.ocx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    There was a rootkit, and white smoke nearly always accompanies this rootkit, and yes they can damage or alter boot drivers

    how is it now
     
  8. SCA2014

    SCA2014 Thread Starter

    Joined:
    Jan 17, 2011
    Messages:
    6
    It hasn't crashed in a while now, so that seems promising! It still hangs on the windows logo during startup, however since running ComboFix the delay is a lot less.

    On a whim I ran Malwarebytes Anti-Malware again using a "full scan" and it found two more "Pup.WhiteSmoke" files. It removed those successfully.

    Do you think I need to take any further action? Is the hang up during boot potentially a problem? Or symptomatic of another infection?

    If you wanted to see it, here is the other Anti-Malware log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5607
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    1/26/2011 9:24:01 AM
    mbam-log-2011-01-26 (09-24-01).txt
    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 378199
    Time elapsed: 1 hour(s), 4 minute(s), 6 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\Users\AGB\Desktop\Programs\KEYGEN.EXE (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LIXMVQOA\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LIXMVQOA\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
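
    Added example (not part of the original thread, and not Malwarebytes' own code): a short Python parser for the Malwarebytes' Anti-Malware 1.50 text-log layout shown in the two logs above. It cross-checks each summary count against the items actually listed, flags anything not reported as deleted, and groups detections by name. The sample is constructed by abbreviating the full-scan log above; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.50 log layout, abbreviated from the full-scan log above.
SAMPLE_LOG = r"""Scan type: Full scan (C:\|D:\|)
Objects scanned: 378199
Registry Keys Infected: 0
Folders Infected: 0
Files Infected: 3
Registry Keys Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\AGB\Desktop\Programs\KEYGEN.EXE (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LIXMVQOA\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LIXMVQOA\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>.+ Infected):$")
# Object path, detection name in the last parentheses before "->", then the action taken.
ITEM = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (declared counts per section, list of detection dicts)."""
    declared, items, current = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            current = m["section"]
        elif current and (m := ITEM.match(line)):
            items.append({"section": current, **m.groupdict()})
    return declared, items

def audit(text):
    """Cross-check summary counts against listed items; flag anything not removed."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    mismatches = {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]}
    not_removed = [i for i in items if "deleted successfully" not in i["action"]]
    by_name = Counter(i["name"] for i in items)
    return mismatches, not_removed, by_name

if __name__ == "__main__":
    mismatches, not_removed, by_name = audit(SAMPLE_LOG)
    print("count mismatches:", mismatches)
    print("still present:", not_removed)
    print("detections by name:", dict(by_name))
```

    A non-empty mismatch result means the pasted log was truncated or edited; a non-empty "still present" list means the scan should be repeated after the reboot the tool asks for.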
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    the hang on boot can be anything

    run chkdsk & then defrag to see if that helps

    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
     
  10. SCA2014

    SCA2014 Thread Starter

    Joined:
    Jan 17, 2011
    Messages:
    6
    Thank you so much for all of your help!

    I removed ComboFix, updated windows, and ran the secunia scan which you suggested. I also visited the other website which you suggested. I'll try defragging my hard drive tonight and see if that cures the hang.

    All of my problems seem to be solved! Thank you for your quick replies and thorough assistance.
     
Short URL to this thread: https://techguy.org/975264
