ashleykate7

Whitesmoke Toolbar/Virus Removal Help

14 posts in this topic

I have read thread after thread regarding this nasty virus. I have even been involved in removing it from another PC here in my office (sucessfully). Now, on my PC, I have tried Malwarebytes, Spybot, SUPERAntivirus, and out (Paid) McAfee Software to detect and remove this virus. I have been unsucessful. On Friday, I noticed that my PC was running slowly, but at that point I was not having any other trouble. I decided to run Malwarebytes to see if there were any problems and it found 683 threats. They were removed, and I followed up with running Spybot. It also found around 600 threats. Going back to the internet to test the computer, I started to receive pop up windows with ads and other windows so I shut down the PC down and tried running Malwarebytes and Spybot again. Each time I run any Malware or virus protection program, it finds more and more. At this point, I am not sure what to do. If anyone has advice, I would greatly appreciate the help.

Thank you,

Ashley

Share this post


Link to post
Share on other sites

:)

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Share this post


Link to post
Share on other sites

It seems to be running better and I have not been re-directed to another website yet.

2011/02/23 09:21:39.0906 3140 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08

2011/02/23 09:21:40.0203 3140 ================================================================================

2011/02/23 09:21:40.0203 3140 SystemInfo:

2011/02/23 09:21:40.0203 3140

2011/02/23 09:21:40.0203 3140 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/23 09:21:40.0203 3140 Product type: Workstation

2011/02/23 09:21:40.0203 3140 ComputerName: SECRETARY

2011/02/23 09:21:40.0203 3140 UserName: INNEROFFICE

2011/02/23 09:21:40.0203 3140 Windows directory: C:\WINDOWS

2011/02/23 09:21:40.0203 3140 System windows directory: C:\WINDOWS

2011/02/23 09:21:40.0203 3140 Processor architecture: Intel x86

2011/02/23 09:21:40.0203 3140 Number of processors: 1

2011/02/23 09:21:40.0203 3140 Page size: 0x1000

2011/02/23 09:21:40.0203 3140 Boot type: Normal boot

2011/02/23 09:21:40.0203 3140 ================================================================================

2011/02/23 09:21:41.0171 3140 Initialize success

2011/02/23 09:21:43.0500 1880 ================================================================================

2011/02/23 09:21:43.0500 1880 Scan started

2011/02/23 09:21:43.0500 1880 Mode: Manual;

2011/02/23 09:21:43.0500 1880 ================================================================================

2011/02/23 09:21:46.0234 1880 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/02/23 09:21:46.0531 1880 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/02/23 09:21:46.0593 1880 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/02/23 09:21:46.0625 1880 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/02/23 09:21:46.0796 1880 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/02/23 09:21:46.0890 1880 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/02/23 09:21:47.0015 1880 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/02/23 09:21:47.0109 1880 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/02/23 09:21:47.0203 1880 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/02/23 09:21:47.0328 1880 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/02/23 09:21:47.0468 1880 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/02/23 09:21:47.0687 1880 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/02/23 09:21:47.0875 1880 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/02/23 09:21:47.0984 1880 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/02/23 09:21:48.0046 1880 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/02/23 09:21:48.0250 1880 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/02/23 09:21:48.0390 1880 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/02/23 09:21:48.0515 1880 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/02/23 09:21:48.0687 1880 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/02/23 09:21:48.0796 1880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/02/23 09:21:48.0859 1880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/02/23 09:21:48.0906 1880 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/02/23 09:21:48.0968 1880 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/02/23 09:21:49.0187 1880 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/02/23 09:21:49.0218 1880 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/02/23 09:21:49.0250 1880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/02/23 09:21:49.0312 1880 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/02/23 09:21:49.0500 1880 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/02/23 09:21:49.0546 1880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/02/23 09:21:49.0593 1880 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/02/23 09:21:49.0703 1880 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/02/23 09:21:49.0765 1880 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/02/23 09:21:49.0828 1880 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/02/23 09:21:49.0921 1880 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/02/23 09:21:50.0093 1880 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/02/23 09:21:50.0171 1880 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/02/23 09:21:50.0281 1880 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/02/23 09:21:50.0312 1880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/02/23 09:21:50.0390 1880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/02/23 09:21:50.0437 1880 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/02/23 09:21:50.0500 1880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/02/23 09:21:50.0546 1880 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/02/23 09:21:50.0734 1880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/02/23 09:21:50.0796 1880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/02/23 09:21:50.0859 1880 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/02/23 09:21:50.0953 1880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/02/23 09:21:51.0015 1880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/02/23 09:21:51.0062 1880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/02/23 09:21:51.0078 1880 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/02/23 09:21:51.0171 1880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/02/23 09:21:51.0312 1880 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/02/23 09:21:51.0453 1880 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/02/23 09:21:51.0625 1880 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/02/23 09:21:51.0875 1880 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/02/23 09:21:52.0031 1880 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/02/23 09:21:52.0250 1880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/02/23 09:21:52.0343 1880 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/02/23 09:21:52.0406 1880 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/02/23 09:21:52.0453 1880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/02/23 09:21:52.0531 1880 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/02/23 09:21:52.0875 1880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/02/23 09:21:52.0968 1880 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/02/23 09:21:53.0109 1880 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/02/23 09:21:53.0187 1880 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/02/23 09:21:53.0250 1880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/02/23 09:21:53.0312 1880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/02/23 09:21:53.0406 1880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/02/23 09:21:53.0484 1880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/02/23 09:21:53.0515 1880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/02/23 09:21:53.0578 1880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/02/23 09:21:53.0656 1880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/02/23 09:21:53.0687 1880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/02/23 09:21:53.0718 1880 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/02/23 09:21:53.0765 1880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/02/23 09:21:53.0796 1880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/02/23 09:21:53.0937 1880 MfeAVFK (32bcd2aec12cee766b2488731a78127c) C:\WINDOWS\system32\drivers\MfeAVFK.sys

2011/02/23 09:21:54.0093 1880 MfeBOPK (963abf1a4d3a19206f7b059e5a1a190b) C:\WINDOWS\system32\drivers\MfeBOPK.sys

2011/02/23 09:21:54.0281 1880 mfehidk (586a07b1fa933c340d990419d6894d7a) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/02/23 09:21:54.0453 1880 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys

2011/02/23 09:21:54.0687 1880 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys

2011/02/23 09:21:54.0859 1880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/02/23 09:21:54.0953 1880 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/02/23 09:21:55.0000 1880 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/02/23 09:21:55.0062 1880 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/02/23 09:21:55.0109 1880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/02/23 09:21:55.0156 1880 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/02/23 09:21:55.0281 1880 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/02/23 09:21:55.0328 1880 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/02/23 09:21:55.0421 1880 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/02/23 09:21:55.0484 1880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/02/23 09:21:55.0531 1880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/02/23 09:21:55.0609 1880 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/02/23 09:21:55.0734 1880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/02/23 09:21:55.0765 1880 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/02/23 09:21:55.0796 1880 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/02/23 09:21:55.0859 1880 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/02/23 09:21:55.0937 1880 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/02/23 09:21:55.0968 1880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/02/23 09:21:56.0015 1880 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/02/23 09:21:56.0156 1880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/02/23 09:21:56.0234 1880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/02/23 09:21:56.0312 1880 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/02/23 09:21:56.0406 1880 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/02/23 09:21:56.0453 1880 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/02/23 09:21:56.0578 1880 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/02/23 09:21:56.0703 1880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/02/23 09:21:56.0734 1880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/02/23 09:21:56.0796 1880 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/02/23 09:21:56.0984 1880 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/02/23 09:21:57.0046 1880 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/02/23 09:21:57.0109 1880 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/02/23 09:21:57.0156 1880 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/02/23 09:21:57.0218 1880 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/02/23 09:21:57.0250 1880 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/02/23 09:21:57.0406 1880 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/02/23 09:21:57.0593 1880 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/02/23 09:21:57.0734 1880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/02/23 09:21:57.0765 1880 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/02/23 09:21:57.0796 1880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/02/23 09:21:57.0859 1880 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/02/23 09:21:57.0906 1880 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/02/23 09:21:57.0937 1880 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/02/23 09:21:57.0968 1880 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/02/23 09:21:58.0015 1880 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/02/23 09:21:58.0046 1880 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/02/23 09:21:58.0125 1880 QtsDongle (5c42769a326d3567727c430c31de5d24) C:\WINDOWS\system32\qtsusk.sys

2011/02/23 09:21:58.0515 1880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/02/23 09:21:58.0593 1880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/02/23 09:21:58.0671 1880 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/02/23 09:21:58.0718 1880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/02/23 09:21:58.0796 1880 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/02/23 09:21:58.0828 1880 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/02/23 09:21:58.0859 1880 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/02/23 09:21:58.0968 1880 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/02/23 09:21:59.0015 1880 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/02/23 09:21:59.0250 1880 sdcplh (b7ea2f12416693d2d9bffaaa5eff7037) C:\WINDOWS\system32\drivers\sdcplh.sys

2011/02/23 09:21:59.0406 1880 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/02/23 09:21:59.0484 1880 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

2011/02/23 09:21:59.0718 1880 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/02/23 09:21:59.0750 1880 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/02/23 09:21:59.0796 1880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/02/23 09:21:59.0859 1880 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/02/23 09:21:59.0906 1880 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

2011/02/23 09:21:59.0984 1880 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/02/23 09:22:00.0093 1880 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/02/23 09:22:00.0140 1880 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/02/23 09:22:00.0218 1880 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/02/23 09:22:00.0328 1880 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/02/23 09:22:00.0359 1880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/02/23 09:22:00.0421 1880 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/02/23 09:22:00.0562 1880 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/02/23 09:22:00.0734 1880 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/02/23 09:22:00.0781 1880 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/02/23 09:22:00.0953 1880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/02/23 09:22:01.0031 1880 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/02/23 09:22:01.0109 1880 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/02/23 09:22:01.0187 1880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/02/23 09:22:01.0250 1880 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/02/23 09:22:01.0343 1880 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/02/23 09:22:01.0437 1880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/02/23 09:22:01.0515 1880 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/02/23 09:22:01.0703 1880 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/02/23 09:22:01.0812 1880 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/02/23 09:22:01.0875 1880 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/02/23 09:22:01.0953 1880 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/02/23 09:22:02.0000 1880 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/02/23 09:22:02.0031 1880 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/02/23 09:22:02.0078 1880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/02/23 09:22:02.0109 1880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/02/23 09:22:02.0140 1880 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/02/23 09:22:02.0187 1880 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2011/02/23 09:22:02.0203 1880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/02/23 09:22:02.0296 1880 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/02/23 09:22:02.0343 1880 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/02/23 09:22:02.0390 1880 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/02/23 09:22:02.0437 1880 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/02/23 09:22:02.0484 1880 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2011/02/23 09:22:02.0734 1880 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/02/23 09:22:02.0859 1880 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/02/23 09:22:02.0937 1880 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/02/23 09:22:02.0968 1880 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/02/23 09:22:03.0046 1880 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/02/23 09:22:03.0046 1880 ================================================================================

2011/02/23 09:22:03.0046 1880 Scan finished

2011/02/23 09:22:03.0046 1880 ================================================================================

2011/02/23 09:22:03.0078 0564 Detected object count: 1

2011/02/23 09:22:16.0187 0564 \HardDisk0 - will be cured after reboot

2011/02/23 09:22:16.0187 0564 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/02/23 09:22:39.0968 0768 Deinitialize success

Share this post


Link to post
Share on other sites

We're not finished yet.

Please run TDSSKiller again so we can be sure the RootKit is gone.

Share this post


Link to post
Share on other sites

Here is the second log...

2011/02/23 10:00:39.0296 2936 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08

2011/02/23 10:00:39.0531 2936 ================================================================================

2011/02/23 10:00:39.0531 2936 SystemInfo:

2011/02/23 10:00:39.0531 2936

2011/02/23 10:00:39.0531 2936 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/23 10:00:39.0546 2936 Product type: Workstation

2011/02/23 10:00:39.0546 2936 ComputerName: SECRETARY

2011/02/23 10:00:39.0546 2936 UserName: INNEROFFICE

2011/02/23 10:00:39.0546 2936 Windows directory: C:\WINDOWS

2011/02/23 10:00:39.0546 2936 System windows directory: C:\WINDOWS

2011/02/23 10:00:39.0546 2936 Processor architecture: Intel x86

2011/02/23 10:00:39.0546 2936 Number of processors: 1

2011/02/23 10:00:39.0546 2936 Page size: 0x1000

2011/02/23 10:00:39.0546 2936 Boot type: Normal boot

2011/02/23 10:00:39.0546 2936 ================================================================================

2011/02/23 10:00:40.0281 2936 Initialize success

2011/02/23 10:00:43.0281 3052 ================================================================================

2011/02/23 10:00:43.0281 3052 Scan started

2011/02/23 10:00:43.0281 3052 Mode: Manual;

2011/02/23 10:00:43.0281 3052 ================================================================================

2011/02/23 10:00:45.0718 3052 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/02/23 10:00:45.0906 3052 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/02/23 10:00:45.0953 3052 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/02/23 10:00:46.0046 3052 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/02/23 10:00:46.0187 3052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/02/23 10:00:46.0281 3052 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/02/23 10:00:46.0328 3052 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/02/23 10:00:46.0359 3052 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/02/23 10:00:46.0390 3052 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/02/23 10:00:46.0531 3052 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/02/23 10:00:46.0656 3052 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/02/23 10:00:46.0781 3052 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/02/23 10:00:46.0890 3052 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/02/23 10:00:46.0953 3052 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/02/23 10:00:47.0015 3052 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/02/23 10:00:47.0171 3052 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/02/23 10:00:47.0296 3052 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/02/23 10:00:47.0406 3052 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/02/23 10:00:47.0562 3052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/02/23 10:00:47.0640 3052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/02/23 10:00:47.0703 3052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/02/23 10:00:47.0765 3052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/02/23 10:00:47.0812 3052 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/02/23 10:00:47.0937 3052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/02/23 10:00:47.0984 3052 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/02/23 10:00:48.0015 3052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/02/23 10:00:48.0078 3052 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/02/23 10:00:48.0218 3052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/02/23 10:00:48.0296 3052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/02/23 10:00:48.0343 3052 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/02/23 10:00:48.0437 3052 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/02/23 10:00:48.0531 3052 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/02/23 10:00:48.0593 3052 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/02/23 10:00:48.0671 3052 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/02/23 10:00:48.0843 3052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/02/23 10:00:49.0015 3052 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/02/23 10:00:49.0078 3052 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/02/23 10:00:49.0109 3052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/02/23 10:00:49.0203 3052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/02/23 10:00:49.0281 3052 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/02/23 10:00:49.0328 3052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/02/23 10:00:49.0375 3052 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/02/23 10:00:49.0609 3052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/02/23 10:00:49.0687 3052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/02/23 10:00:49.0734 3052 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/02/23 10:00:49.0796 3052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/02/23 10:00:49.0859 3052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/02/23 10:00:49.0921 3052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/02/23 10:00:50.0000 3052 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/02/23 10:00:50.0078 3052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/02/23 10:00:50.0125 3052 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/02/23 10:00:50.0250 3052 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/02/23 10:00:50.0421 3052 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/02/23 10:00:50.0531 3052 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/02/23 10:00:50.0656 3052 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/02/23 10:00:50.0796 3052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/02/23 10:00:50.0843 3052 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/02/23 10:00:50.0890 3052 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/02/23 10:00:50.0937 3052 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/02/23 10:00:51.0015 3052 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/02/23 10:00:51.0359 3052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/02/23 10:00:51.0500 3052 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/02/23 10:00:51.0640 3052 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/02/23 10:00:51.0734 3052 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/02/23 10:00:51.0750 3052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/02/23 10:00:51.0812 3052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/02/23 10:00:51.0875 3052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/02/23 10:00:51.0921 3052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/02/23 10:00:51.0968 3052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/02/23 10:00:52.0015 3052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/02/23 10:00:52.0093 3052 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/02/23 10:00:52.0140 3052 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/02/23 10:00:52.0156 3052 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/02/23 10:00:52.0187 3052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/02/23 10:00:52.0234 3052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/02/23 10:00:52.0390 3052 MfeAVFK (32bcd2aec12cee766b2488731a78127c) C:\WINDOWS\system32\drivers\MfeAVFK.sys

2011/02/23 10:00:52.0546 3052 MfeBOPK (963abf1a4d3a19206f7b059e5a1a190b) C:\WINDOWS\system32\drivers\MfeBOPK.sys

2011/02/23 10:00:52.0703 3052 mfehidk (586a07b1fa933c340d990419d6894d7a) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/02/23 10:00:52.0843 3052 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys

2011/02/23 10:00:53.0062 3052 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys

2011/02/23 10:00:53.0156 3052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/02/23 10:00:53.0250 3052 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/02/23 10:00:53.0296 3052 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/02/23 10:00:53.0359 3052 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/02/23 10:00:53.0406 3052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/02/23 10:00:53.0468 3052 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/02/23 10:00:53.0578 3052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/02/23 10:00:53.0640 3052 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/02/23 10:00:53.0718 3052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/02/23 10:00:53.0781 3052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/02/23 10:00:53.0812 3052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/02/23 10:00:53.0890 3052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/02/23 10:00:53.0968 3052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/02/23 10:00:53.0984 3052 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/02/23 10:00:54.0031 3052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/02/23 10:00:54.0078 3052 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/02/23 10:00:54.0156 3052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/02/23 10:00:54.0203 3052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/02/23 10:00:54.0234 3052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/02/23 10:00:54.0359 3052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/02/23 10:00:54.0437 3052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/02/23 10:00:54.0546 3052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/02/23 10:00:54.0640 3052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/02/23 10:00:54.0687 3052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/02/23 10:00:54.0796 3052 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/02/23 10:00:54.0937 3052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/02/23 10:00:54.0968 3052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/02/23 10:00:55.0031 3052 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/02/23 10:00:55.0187 3052 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/02/23 10:00:55.0234 3052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/02/23 10:00:55.0281 3052 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/02/23 10:00:55.0343 3052 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/02/23 10:00:55.0390 3052 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/02/23 10:00:55.0437 3052 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/02/23 10:00:55.0578 3052 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/02/23 10:00:55.0734 3052 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/02/23 10:00:55.0875 3052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/02/23 10:00:55.0937 3052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/02/23 10:00:55.0968 3052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/02/23 10:00:56.0015 3052 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/02/23 10:00:56.0109 3052 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/02/23 10:00:56.0156 3052 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/02/23 10:00:56.0187 3052 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/02/23 10:00:56.0218 3052 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/02/23 10:00:56.0296 3052 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/02/23 10:00:56.0390 3052 QtsDongle (5c42769a326d3567727c430c31de5d24) C:\WINDOWS\system32\qtsusk.sys

2011/02/23 10:00:56.0656 3052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/02/23 10:00:56.0703 3052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/02/23 10:00:56.0734 3052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/02/23 10:00:56.0750 3052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/02/23 10:00:56.0796 3052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/02/23 10:00:56.0828 3052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/02/23 10:00:56.0921 3052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/02/23 10:00:57.0062 3052 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/02/23 10:00:57.0109 3052 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/02/23 10:00:57.0375 3052 sdcplh (b7ea2f12416693d2d9bffaaa5eff7037) C:\WINDOWS\system32\drivers\sdcplh.sys

2011/02/23 10:00:57.0515 3052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/02/23 10:00:57.0609 3052 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

2011/02/23 10:00:57.0671 3052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/02/23 10:00:57.0703 3052 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/02/23 10:00:57.0765 3052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/02/23 10:00:57.0843 3052 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/02/23 10:00:57.0906 3052 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

2011/02/23 10:00:57.0968 3052 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/02/23 10:00:58.0031 3052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/02/23 10:00:58.0078 3052 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/02/23 10:00:58.0171 3052 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/02/23 10:00:58.0359 3052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/02/23 10:00:58.0406 3052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/02/23 10:00:58.0453 3052 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/02/23 10:00:58.0578 3052 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/02/23 10:00:58.0750 3052 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/02/23 10:00:58.0828 3052 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/02/23 10:00:58.0968 3052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/02/23 10:00:59.0031 3052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/02/23 10:00:59.0125 3052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/02/23 10:00:59.0187 3052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/02/23 10:00:59.0250 3052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/02/23 10:00:59.0328 3052 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/02/23 10:00:59.0421 3052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/02/23 10:00:59.0468 3052 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/02/23 10:00:59.0609 3052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/02/23 10:00:59.0703 3052 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/02/23 10:00:59.0781 3052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/02/23 10:00:59.0843 3052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/02/23 10:00:59.0890 3052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/02/23 10:01:00.0000 3052 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/02/23 10:01:00.0046 3052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/02/23 10:01:00.0093 3052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/02/23 10:01:00.0125 3052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/02/23 10:01:00.0171 3052 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2011/02/23 10:01:00.0187 3052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/02/23 10:01:00.0296 3052 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/02/23 10:01:00.0343 3052 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/02/23 10:01:00.0390 3052 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/02/23 10:01:00.0437 3052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/02/23 10:01:00.0484 3052 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2011/02/23 10:01:00.0656 3052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/02/23 10:01:00.0781 3052 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/02/23 10:01:00.0875 3052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/02/23 10:01:00.0921 3052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/02/23 10:01:01.0015 3052 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/02/23 10:01:01.0015 3052 ================================================================================

2011/02/23 10:01:01.0015 3052 Scan finished

2011/02/23 10:01:01.0015 3052 ================================================================================

2011/02/23 10:01:01.0046 2916 Detected object count: 1

2011/02/23 10:01:09.0796 2916 \HardDisk0 - will be cured after reboot

2011/02/23 10:01:09.0796 2916 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/02/23 10:01:14.0781 2680 Deinitialize success

Share this post


Link to post
Share on other sites

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

Please bear with me....we had some trouble turning off the sonic wall, but we did get it taken care of. Combo fix is currently running and deleting folders....will be back with you as soon as it finishes. Thanks for your help so far!

Ashley

Share this post


Link to post
Share on other sites

Here is the logfile for the last process...

ComboFix 11-02-22.06 - INNEROFFICE 02/23/2011 11:17:28.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.227 [GMT -5:00]

Running from: c:\documents and settings\INNEROFFICE\Desktop\ComboFix.exe

AV: Total Protection for Small Business *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\147.tmp

C:\14C.tmp

C:\6F6.tmp

C:\6FA.tmp

C:\709.tmp

C:\72A.tmp

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\dtx.ini

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\guid.dat

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\preferences.dat

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\stat.log

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\stats.dat

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\uninstallIE.dat

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\uninstallStatIE.dat

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weather\98974c8e27f23cafbda8e5d0b926b2b2

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weather\cd2494248b6964056c3e699bb313f70b

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weather\forecasts_cache.xml

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weather\observations_cache.xml

c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weatherbutton_prefs.xml

c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar

c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\dtx.ini

c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\exeArgs.xml

c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\guid.dat

c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\setupCfg.xml

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbar.dll

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\program files\whitesmoketoolbar

c:\program files\whitesmoketoolbar\chrome\content\lib\about.xml

c:\program files\whitesmoketoolbar\chrome\content\lib\dtxpanel.xul

c:\program files\whitesmoketoolbar\chrome\content\lib\dtxpanelwin.xul

c:\program files\whitesmoketoolbar\chrome\content\lib\dtxprefwin.xul

c:\program files\whitesmoketoolbar\chrome\content\lib\dtxwin.xul

c:\program files\whitesmoketoolbar\chrome\content\lib\emailnotifierproviders.xml

c:\program files\whitesmoketoolbar\chrome\content\lib\external.js

c:\program files\whitesmoketoolbar\chrome\content\lib\neterror.xhtml

c:\program files\whitesmoketoolbar\chrome\content\lib\rsspreview.html

c:\program files\whitesmoketoolbar\chrome\content\lib\rsswin.xml

c:\program files\whitesmoketoolbar\chrome\content\lib\rsswin.xsl

c:\program files\whitesmoketoolbar\chrome\content\lib\vmncode.js

c:\program files\whitesmoketoolbar\chrome\content\lib\wmpstreamer.html

c:\program files\whitesmoketoolbar\chrome\content\modules\datastore.jsm

c:\program files\whitesmoketoolbar\chrome\content\neterror.xhtml

c:\program files\whitesmoketoolbar\chrome\content\newtab\images\btn_search.gif

c:\program files\whitesmoketoolbar\chrome\content\newtab\images\bullet.gif

c:\program files\whitesmoketoolbar\chrome\content\newtab\images\field_bg.gif

c:\program files\whitesmoketoolbar\chrome\content\newtab\images\powered_by_yahoo.gif

c:\program files\whitesmoketoolbar\chrome\content\newtab\newtab.html

c:\program files\whitesmoketoolbar\chrome\content\preferences.xml

c:\program files\whitesmoketoolbar\chrome\content\toolbar.htm

c:\program files\whitesmoketoolbar\chrome\content\toolbar.xul

c:\program files\whitesmoketoolbar\chrome\content\vmncode.js

c:\program files\whitesmoketoolbar\chrome\content\vmnrsswin.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\default.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\main.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\tb_icon.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget.jsw

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget_version.txt

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-search.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\default.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\main.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\index.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml

c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt

c:\program files\whitesmoketoolbar\chrome\data\dynamicElements\vmntoolbar.xsl

c:\program files\whitesmoketoolbar\chrome\data\rss\rss.xml

c:\program files\whitesmoketoolbar\chrome\data\search\engines.xml

c:\program files\whitesmoketoolbar\chrome\data\search\search.xsl

c:\program files\whitesmoketoolbar\chrome\data\weather\icons.xml

c:\program files\whitesmoketoolbar\chrome\skin\634017460871087500_png

c:\program files\whitesmoketoolbar\chrome\skin\about.gif

c:\program files\whitesmoketoolbar\chrome\skin\babylon_logo.png

c:\program files\whitesmoketoolbar\chrome\skin\bing_16x16.png

c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png

c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png

c:\program files\whitesmoketoolbar\chrome\skin\blank_png

c:\program files\whitesmoketoolbar\chrome\skin\bluelite.gif

c:\program files\whitesmoketoolbar\chrome\skin\bluesky.gif

c:\program files\whitesmoketoolbar\chrome\skin\btn-search-over.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-search.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-settings.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets-over.png

c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets.png

c:\program files\whitesmoketoolbar\chrome\skin\btn_settings.png

c:\program files\whitesmoketoolbar\chrome\skin\ca.png

c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png

c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png_png

c:\program files\whitesmoketoolbar\chrome\skin\dictionary.png

c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png

c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png_png

c:\program files\whitesmoketoolbar\chrome\skin\divider.png

c:\program files\whitesmoketoolbar\chrome\skin\downloadcom.png

c:\program files\whitesmoketoolbar\chrome\skin\dtxlogo.png

c:\program files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics\folder.png

c:\program files\whitesmoketoolbar\chrome\skin\email.png

c:\program files\whitesmoketoolbar\chrome\skin\email_on.png

c:\program files\whitesmoketoolbar\chrome\skin\eteacher_png

c:\program files\whitesmoketoolbar\chrome\skin\facebook.png

c:\program files\whitesmoketoolbar\chrome\skin\feed_icon_png

c:\program files\whitesmoketoolbar\chrome\skin\feed_icon2_png

c:\program files\whitesmoketoolbar\chrome\skin\france_png

c:\program files\whitesmoketoolbar\chrome\skin\games.png

c:\program files\whitesmoketoolbar\chrome\skin\games_png

c:\program files\whitesmoketoolbar\chrome\skin\gamesIcon_png

c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png

c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png

c:\program files\whitesmoketoolbar\chrome\skin\grey.gif

c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png

c:\program files\whitesmoketoolbar\chrome\skin\images.png

c:\program files\whitesmoketoolbar\chrome\skin\italy_png

c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingMid.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupAbout.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupGames.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupWidgets.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Info.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\initHTML.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupGames.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupHTML.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupRSS.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupWidgets.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml

c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css

c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html

c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png

c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif

c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png

c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png

c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png

c:\program files\whitesmoketoolbar\chrome\skin\logo.png

c:\program files\whitesmoketoolbar\chrome\skin\mail.png

c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif

c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png

c:\program files\whitesmoketoolbar\chrome\skin\modify.png

c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png

c:\program files\whitesmoketoolbar\chrome\skin\music.png

c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css

c:\program files\whitesmoketoolbar\chrome\skin\networkIcons_png

c:\program files\whitesmoketoolbar\chrome\skin\news.png

c:\program files\whitesmoketoolbar\chrome\skin\options\options-main.png

c:\program files\whitesmoketoolbar\chrome\skin\options\options-search.png

c:\program files\whitesmoketoolbar\chrome\skin\options\options-weather.png

c:\program files\whitesmoketoolbar\chrome\skin\options\options-widgets.png

c:\program files\whitesmoketoolbar\chrome\skin\orange.gif

c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png

c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png

c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png

c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png

c:\program files\whitesmoketoolbar\chrome\skin\rss.png

c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png

c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif

c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif

c:\program files\whitesmoketoolbar\chrome\skin\search-over.png

c:\program files\whitesmoketoolbar\chrome\skin\search.png

c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png

c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png

c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png

c:\program files\whitesmoketoolbar\chrome\skin\settings.png

c:\program files\whitesmoketoolbar\chrome\skin\shopping.png

c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png

c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png

c:\program files\whitesmoketoolbar\chrome\skin\skin.xml

c:\program files\whitesmoketoolbar\chrome\skin\spain_png

c:\program files\whitesmoketoolbar\chrome\skin\technorati.png

c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif

c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png

c:\program files\whitesmoketoolbar\chrome\skin\translate.png

c:\program files\whitesmoketoolbar\chrome\skin\Translate_png

c:\program files\whitesmoketoolbar\chrome\skin\Translate_png_png

c:\program files\whitesmoketoolbar\chrome\skin\TRUSTe_about.png

c:\program files\whitesmoketoolbar\chrome\skin\TV_icon3_png

c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png

c:\program files\whitesmoketoolbar\chrome\skin\tvIcons_png

c:\program files\whitesmoketoolbar\chrome\skin\usa_png

c:\program files\whitesmoketoolbar\chrome\skin\vmn.css

c:\program files\whitesmoketoolbar\chrome\skin\vmn.png

c:\program files\whitesmoketoolbar\chrome\skin\web.png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png

c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png

c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png

c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png

c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif

c:\program files\whitesmoketoolbar\chrome\skin\youtube.png

c:\program files\whitesmoketoolbar\chrome\skin\zoom.png

c:\program files\whitesmoketoolbar\components\windowmediator.js

c:\program files\whitesmoketoolbar\manifest.xml

c:\program files\whitesmoketoolbar\toolbar.xml

c:\program files\whitesmoketoolbar\uninstall.exe

c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll

c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

c:\windows\system32\bszip.dll

c:\windows\system32\twunk_32.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))

.

2011-02-23 06:59 . 2011-02-23 06:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-02-22 17:57 . 2011-02-22 17:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\program files\Drop Down Deals

2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-02-22 15:53 . 2011-02-22 15:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-02-21 11:56 . 2011-02-21 11:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-02-21 04:36 . 2011-02-21 04:36 1409 ----a-w- c:\windows\QTFont.for

2011-02-21 00:09 . 2011-02-21 11:40 0 ----a-w- c:\windows\Rjugedawevev.bin

2011-02-20 04:38 . 2011-02-20 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2011-02-19 13:14 . 2011-02-19 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\kAcIcOk05200

2011-02-19 13:14 . 2011-02-19 13:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-02-18 21:08 . 2011-02-21 17:07 -------- d-----w- c:\program files\Yontoo Layers Client

2011-02-15 19:15 . 2011-02-15 19:15 -------- d-----w- c:\documents and settings\All Users\eBay

2011-02-09 19:40 . 2011-02-09 19:40 49152 ----a-r- c:\windows\system32\inetwh32.dll

2011-02-09 19:40 . 2011-02-09 19:40 1044480 ----a-r- c:\windows\system32\roboex32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-11 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:09 . 2009-09-04 13:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 23:08 . 2009-09-04 13:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 17:26 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2004-08-11 23:00 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:38 . 2004-08-11 23:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-03 15:06 . 2010-12-03 15:06 685913 ----a-w- c:\windows\unins000.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-02-17 20:49 191488 ------w- c:\program files\Drop Down Deals\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]

"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\

Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2006-4-27 573440]

Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2006-4-27 745472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^INNEROFFICE^Start Menu^Programs^Startup^Gear Player.lnk]

path=c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\Gear Player.lnk

backup=c:\windows\pss\Gear Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]

2010-10-14 20:25 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152

"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [5/1/2006 1:37 PM 135168]

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/18/2010 10:33 AM 14144]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [1/13/2011 10:54 PM 282824]

R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [8/18/2010 10:35 AM 202048]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys [?]

S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 3:47 PM 10752]

S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

Trusted Zone: acehardware-acenet.com\ww1

Trusted Zone: acehardware-acenet.com\ww2

Trusted Zone: acehardware-aceonline.com

Trusted Zone: acehardware-eaglevision.com

Trusted Zone: acehardware-vendors.com

Trusted Zone: aceservices.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: acehardware-acenet.com

Trusted Zone: acehardware-aceonline.com

Trusted Zone: acehardware-eaglevision.com

Trusted Zone: acehardware-vendors.com

Trusted Zone: aceservices.com

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: {033975BD-A3EA-4715-B867-D0B7553AABC9} = 166.102.165.11,166.102.165.13

DPF: AceIESecuritySettings - hxxp://ww2.acehardware-acenet.com/Controls/AceIESecuritySettings.CAB

DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://imagemax.aceservices.com/aspweb/Applets/OBXViewer.cab

DPF: {24B8CB65-C0D2-11D0-A523-444553540000} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/AceExpl/AceExpl.cab

DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} - hxxp://ww2.acehardware-acenet.com/ACENET/Controls/MCSi/McsiMenu.cab

DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} - hxxp://ww2.acehardware-acenet.com/ACENET/controls/FarPoint60/fpspr60.cab

DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/ACENET/ACECTL.CAB

DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://stores.homestead.com/storeadmin/utilities/pssbedit.cab

DPF: {FB40C15D-4A00-4B22-BA87-B046910FB09D} - hxxp://76.92.232.9:8080/activex/WebViewer.cab

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe

MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

MSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe

AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-23 11:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid]

@DACL=(02 0000)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32]

@DACL=(02 0000)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib]

@DACL=(02 0000)

@="{4509D3CC-B642-4745-B030-645B79522C6D}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1172)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\windows\system32\PSIService.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

c:\3apps\Catapult\APPIPC.exe

.

**************************************************************************

.

Completion time: 2011-02-23 11:53:22 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-23 16:53

Pre-Run: 45,519,265,792 bytes free

Post-Run: 45,888,000,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9C19368DBF50321C1C131BE356E3F306

Share this post


Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\program files\Drop Down Deals\YontooIEClient.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

Computer seems to be running normally. No lag and seems to be acting ok. Here is the log info...

ComboFix 11-02-23.01 - INNEROFFICE 02/23/2011 13:37:13.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.260 [GMT -5:00]

Running from: c:\documents and settings\INNEROFFICE\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\INNEROFFICE\Desktop\CFScript.txt

AV: Total Protection for Small Business *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}

FILE ::

"c:\program files\Drop Down Deals\YontooIEClient.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Drop Down Deals\YontooIEClient.dll

.

((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))

.

2011-02-23 06:59 . 2011-02-23 06:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-02-22 17:57 . 2011-02-22 17:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-02-22 15:55 . 2011-02-23 18:45 -------- d-----w- c:\program files\Drop Down Deals

2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-02-22 15:53 . 2011-02-22 15:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-02-21 11:56 . 2011-02-21 11:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-02-21 04:36 . 2011-02-21 04:36 1409 ----a-w- c:\windows\QTFont.for

2011-02-21 00:09 . 2011-02-21 11:40 0 ----a-w- c:\windows\Rjugedawevev.bin

2011-02-20 04:38 . 2011-02-20 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2011-02-19 13:14 . 2011-02-19 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\kAcIcOk05200

2011-02-19 13:14 . 2011-02-19 13:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-02-18 21:08 . 2011-02-21 17:07 -------- d-----w- c:\program files\Yontoo Layers Client

2011-02-15 19:15 . 2011-02-15 19:15 -------- d-----w- c:\documents and settings\All Users\eBay

2011-02-09 19:40 . 2011-02-09 19:40 49152 ----a-r- c:\windows\system32\inetwh32.dll

2011-02-09 19:40 . 2011-02-09 19:40 1044480 ----a-r- c:\windows\system32\roboex32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-11 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 23:09 . 2009-09-04 13:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 23:08 . 2009-09-04 13:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 17:26 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2004-08-11 23:00 718336 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2010-12-09 13:38 . 2004-08-11 23:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-03 15:06 . 2010-12-03 15:06 685913 ----a-w- c:\windows\unins000.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]

"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\

Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2006-4-27 573440]

Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2006-4-27 745472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^INNEROFFICE^Start Menu^Programs^Startup^Gear Player.lnk]

path=c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\Gear Player.lnk

backup=c:\windows\pss\Gear Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]

2010-10-14 20:25 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152

"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [5/1/2006 1:37 PM 135168]

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/18/2010 10:33 AM 14144]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [1/13/2011 10:54 PM 282824]

R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [8/18/2010 10:35 AM 202048]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys [?]

S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 3:47 PM 10752]

S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

Trusted Zone: acehardware-acenet.com\ww1

Trusted Zone: acehardware-acenet.com\ww2

Trusted Zone: acehardware-aceonline.com

Trusted Zone: acehardware-eaglevision.com

Trusted Zone: acehardware-vendors.com

Trusted Zone: aceservices.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: acehardware-acenet.com

Trusted Zone: acehardware-aceonline.com

Trusted Zone: acehardware-eaglevision.com

Trusted Zone: acehardware-vendors.com

Trusted Zone: aceservices.com

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: {033975BD-A3EA-4715-B867-D0B7553AABC9} = 166.102.165.11,166.102.165.13

DPF: AceIESecuritySettings - hxxp://ww2.acehardware-acenet.com/Controls/AceIESecuritySettings.CAB

DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://imagemax.aceservices.com/aspweb/Applets/OBXViewer.cab

DPF: {24B8CB65-C0D2-11D0-A523-444553540000} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/AceExpl/AceExpl.cab

DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} - hxxp://ww2.acehardware-acenet.com/ACENET/Controls/MCSi/McsiMenu.cab

DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} - hxxp://ww2.acehardware-acenet.com/ACENET/controls/FarPoint60/fpspr60.cab

DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/ACENET/ACECTL.CAB

DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://stores.homestead.com/storeadmin/utilities/pssbedit.cab

DPF: {FB40C15D-4A00-4B22-BA87-B046910FB09D} - hxxp://76.92.232.9:8080/activex/WebViewer.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-23 13:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid]

@DACL=(02 0000)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32]

@DACL=(02 0000)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib]

@DACL=(02 0000)

@="{4509D3CC-B642-4745-B030-645B79522C6D}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3912)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\windows\system32\PSIService.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

c:\3apps\Catapult\APPIPC.exe

.

**************************************************************************

.

Completion time: 2011-02-23 13:57:51 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-23 18:57

ComboFix2.txt 2011-02-23 16:53

Pre-Run: 45,903,241,216 bytes free

Post-Run: 45,892,612,096 bytes free

- - End Of File - - 9BD55D4549AFF39E372F9294E6DF9E6C

Share this post


Link to post
Share on other sites

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :)

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*] WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    Green to go

    Yellow for caution

    Red to stop

    WOT has an addon available for both Firefox and IE.

    [*] JAVA Click this link and click on the Free JAVA Download

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer has always the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site

    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

Share this post


Link to post
Share on other sites

Everything is up and running smoothly. Thank you so much for your help. Have a great day!

Ashley

Share this post


Link to post
Share on other sites

You're more than welcome.

Glad we were able to help

Peace be with you wavey.gif

Share this post


Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.