whitesmoke toolbar virus trouble

Hello,

Yesterday I noticed that my computer was running rather slow. Knowing that running malwarebytes' anti-malware can help speed up the computer, I went ahead and scanned my computer. The scan came up with over 600 threats, all of which were this whitesmoke toolbar. I removed the threats, restarted my computer, and ran the scan again to see if more came up. The system appeared clean. I then ran Spybot S&D and it only found 10 or so tracking cookies that were easily removed. I had researched this whitesmoke virus and found a lot of people saying that it kept coming back when they removed it so I thought I should post on here to make sure I've gotten rid of it all. I followed all the steps on the "Read this before requesting malware removal help" thread and I have all the logs which I will give you here.

Computer Information: Windows 7 64-bit, Asus G60VX, and for browsers I usually use safari

The following is the original log from malwarebytes' that came up with over 600 threats:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5893

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/27/2011 11:00:25 AM
mbam-log-2011-02-27 (11-00-25).txt

Scan type: Quick scan
Objects scanned: 172549
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 65
Files Infected: 594

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\modules (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\dynamicelements (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\rss (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\search (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard\skin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\components (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmoketranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Local\Temp\~nsu.tmp\whitesmoke-silent.exe (PUP.BHO) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Local\Temp\~nsu.tmp\whitesmoketranslator_rev1.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\downloads\whitesmokewritergeo5002_en.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\manifest.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\toolbar.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\uninstall.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbar.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\neterror.xhtml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\preferences.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\toolbar.htm (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\toolbar.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\vmncode.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\vmnrsswin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\about.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxpanel.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxpanelwin.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxprefwin.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\dtxwin.xul (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\emailnotifierproviders.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\external.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\neterror.xhtml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsspreview.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsswin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\rsswin.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\vmncode.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\lib\wmpstreamer.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\modules\datastore.jsm (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\newtab.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\btn_search.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\bullet.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\field_bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\newtab\images\powered_by_yahoo.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\tb_icon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\widget.jsw (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.facebook\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\tb_icon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\widget.jsw (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\css\twitter.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\btn-login-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\btn-login.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\btn-submit.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\loginbg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\refresh-over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\refresh.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrollbottom-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrollbottom-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrollbottom-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrollbottom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrolltop-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrolltop-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrolltop-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\scrolltop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\tab-off-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\tab-off-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\tab-on-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\tab-on-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\twitter-logo48.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\images\twitter_top.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js\jquery.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\js\scripts.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.twitter\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\tb_icon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\widget.jsw (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.webtv\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\tb_icon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\widget.jsw (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\widget.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\widget_version.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrow-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrows_grey-left.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\arrows_grey-right.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\btn-search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\powered-by-youtube.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollb.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\scrollt.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-off-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-off-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-on-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-over-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-red-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\tab-white-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\vid-bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\images\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery-1.3.2.min.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\js\jquery.autocomplete.min.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\Thumbs.db (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.youtube\skin\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\dynamicelements\vmntoolbar.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\rss\rss.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\search\engines.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\search\search.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\data\weather\icons.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\634017460871087500_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\about.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\babylon_logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_16x16.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\blank_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bluelite.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\bluesky.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-settings-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\btn_settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\ca.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\checkmytext_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\checkmytext_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dictionary_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\downloadcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxlogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\email.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\email_on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\eteacher_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\facebook.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\feed_icon2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\france_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\games.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\gamesicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\games_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred0.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred0_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred1.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred1_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred2_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred3.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred3_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred4.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred4_5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphred5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\graphredna.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\grey.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\ico-shield.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\images.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\italy_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lichen.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\logo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\mail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\menuseparatorback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\modify-save.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\modifyhot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\music.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\namespacetoolbar.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\networkicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\news.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\orange.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\pixsy.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\protect-id.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\relatedlinks.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-delete.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-feed.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder-remove.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder-rename.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-reload.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss-subscribe.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rssback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rsstopback.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\rss_feed_icon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\search-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\settings.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\shopping.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\siteinfo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-bluelite.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-bluesky.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-lichen.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-orange.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin-yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\skin.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\spain_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\technorati.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\toolbarsplitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\translate.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\translate_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\translate_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\truste_about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\tvicons_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\tvicon_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\tv_icon3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\usa_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\vmn.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\vmn.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\web.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\wikipedia.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\yahoosearch.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\yellow.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\youtube.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\zoom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\dtxwizard\skin\icon_library\Basics\folder.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\add.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\aol.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\blank.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\btn_slider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\checkmark.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\chevron.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\collapse.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\comcast.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\dtx.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\edit-back.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\expand.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\found.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\gmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\hotmail.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\ico-check.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\imap.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\loadingmid.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\lock.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\logo-separator.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\mailcom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\modify.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\move.gif (PUP.WhiteSmoke) -> Quarantined and dele

Malwarebytes log cont.:

c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\movetarget.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\pop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\reload.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\remove.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rename.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\resize-box.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rss.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\scroll-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\scroll-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\search-go.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\yahoo.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\inithtml.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\popupgames.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\popuphtml.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\popuprss.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\popupwidgets.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\popupabout.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\popupgames.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css\popupwidgets.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-info.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\truste_about.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\loadingmid.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\template.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\templateff.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupweather.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupweather.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-main.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-search.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-weather.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\options\options-widgets.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\whitesmoketoolbar\components\windowmediator.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmoketranslator\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\0x0409.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\config.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\data1.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\data1.hdr (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\data2.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\ISSetup.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\layout.bin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\setup.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\setup.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\setup.inx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\setup.iss (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\setup.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Users\Connor\AppData\Roaming\whitesmokesetup\setup.ocx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.


The Following is the SuperAntispyware Log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/27/2011 at 06:12 PM

Application Version : 4.49.1000

Core Rules Database Version : 6493
Trace Rules Database Version: 4305

Scan type       : Complete Scan
Total Scan Time : 02:04:20

Memory items scanned      : 679
Memory threats detected   : 0
Registry items scanned    : 14826
Registry threats detected : 0
File items scanned        : 285545
File threats detected     : 1

Trojan.Vundo-Variant/F
   C:\WINDOWS\SYSWOW64\KMVIDC32.DLL

The following is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5893

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/27/2011 6:26:17 PM
mbam-log-2011-02-27 (18-26-17).txt

Scan type: Quick scan
Objects scanned: 166869
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

The following is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:39:53 PM, on 2/27/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elsword.hangame.co.jp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Connor\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: OnRPG Toolbar - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\tbOnR0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: OnRPG Toolbar - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\tbOnR0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O4 - Global Startup: PacketiX VPN Client Task Tray.lnk = C:\Program Files (x86)\PacketiX VPN Client English\vpncmgr.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Connor\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Connor\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O15 - Trusted Zone: http://*.cinemanow.com
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastBootAgent - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: PacketiX VPN Client (vpnclient) - SoftEther Corporation - C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16103 bytes

[Malware Removal Specialist]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
**********************************************
P2P - I see you have P2P software installed on your machine (BitTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
***********************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.Please place a check mark next to this/these line/lines.
O15 - Trusted Zone: http://*.cinemanow.com

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
************************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Hello,

First off, thank you very much for helping it is greatly appreciated.

I ran HijackThis and selected those two items to be fixed. After that I downloaded ComboFix and disabled AVG 2011. When I try to run ComboFix it tells me to uninstall AVG or use another program because ComboFix may not work when AVG is installed on a computer. I attempted to uninstall AVG but I keep getting an error. I also tried to manually delete the AVG files but that said that AVG was open in another program. I closed down all the AVG processes in the task manager but that didn't help either. Is there anyway to get it off or perhaps another program?

[Malware Removal Specialist]

Yes, ComboFix and AVG don't get along with each other.LOL. Here's what you need to do. Download a new AV program from the list I have provided below. Install the new AV and then run the AVG Removal tool (below). Then try to run ComboFix and post the log.

I prefer MicroSoft Security Essentials. Very efficient and not a resource hog. Install it and forget about it.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
************************************************
AVG Antivirus - AVG Antivirus Remover utility

ComboFix Log:

ComboFix 11-02-28.02 - Connor 02/28/2011  19:10:06.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4095.2298 [GMT -5:00]
Running from: c:\users\Connor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Connor\AppData\Local\Temp\VPN_EF12\9218E5A4.dll
c:\users\Connor\cheatsConverter.exe
c:\users\Connor\DeSmuME.exe
c:\users\Connor\DeSmuME_dev.exe
c:\users\Connor\DeSmuME_nosse2.exe
c:\windows\SysWow64\Temp
c:\windows\TEMP\VPN_C63B\9218E5A4.dll

.
(((((((((((((((((((((((((   Files Created from 2011-02-01 to 2011-03-01  )))))))))))))))))))))))))))))))
.

2011-03-01 00:18 . 2011-03-01 00:18   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-02-28 03:53 . 2011-02-28 03:53   --------   d-----w-   C:\found.000
2011-02-27 23:37 . 2011-02-27 23:37   388096   ----a-r-   c:\users\Connor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-27 23:37 . 2011-02-27 23:37   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-02-27 23:17 . 2011-02-27 23:17   --------   d-sh--w-   c:\windows\SysWow64\%APPDATA%
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\users\Connor\AppData\Roaming\SUPERAntiSpyware.com
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\programdata\!SASCORE
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-02-27 20:46 . 2011-02-27 20:46   --------   d-----w-   c:\program files\CCleaner
2011-02-27 20:38 . 2010-03-29 16:06   233488   ----a-w-   c:\windows\system32\drivers\PCTCore64.sys
2011-02-27 20:38 . 2010-11-17 15:20   331368   ----a-w-   c:\windows\system32\drivers\pctgntdi64.sys
2011-02-27 20:38 . 2010-11-17 15:20   136168   ----a-w-   c:\windows\system32\drivers\pctwfpfilter64.sys
2011-02-27 20:38 . 2011-02-27 23:17   --------   d-----w-   c:\users\Connor\AppData\Roaming\PCToolsFirewallPlus
2011-02-27 20:37 . 2011-02-27 20:38   --------   d-----w-   c:\program files (x86)\Common Files\PC Tools
2011-02-27 20:37 . 2010-11-24 14:18   119688   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2011-02-27 20:37 . 2010-07-08 14:49   79000   ----a-w-   c:\windows\system32\drivers\pctNdis64.sys
2011-02-27 20:37 . 2010-02-05 14:26   42968   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS64.sys
2011-02-27 20:37 . 2010-11-25 15:42   179464   ----a-w-   c:\windows\system32\drivers\pctplfw64.sys
2011-02-27 20:37 . 2011-02-27 23:17   --------   d-----w-   c:\program files (x86)\PC Tools Firewall Plus
2011-02-27 16:31 . 2011-02-27 21:01   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
2011-02-27 16:31 . 2011-02-27 21:01   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2011-02-27 15:52 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-27 07:49 . 2011-02-27 15:52   --------   d-----w-   c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-02-24 13:49 . 2010-09-14 06:45   367104   ----a-w-   c:\windows\system32\wcncsvc.dll
2011-02-24 13:49 . 2010-09-14 06:07   276992   ----a-w-   c:\windows\SysWow64\wcncsvc.dll
2011-02-23 21:20 . 2011-02-23 21:20   --------   d-----w-   c:\program files (x86)\Common Files\Java
2011-02-23 21:19 . 2011-02-03 02:40   472808   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-23 21:18 . 2011-02-23 21:18   --------   d-----w-   c:\programdata\McAfee
2011-02-23 20:23 . 2011-02-23 20:23   --------   d-----w-   c:\program files (x86)\LOLReplay
2011-02-23 16:55 . 2011-01-07 08:07   662528   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-02-23 16:55 . 2011-01-07 08:07   475648   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-02-23 16:55 . 2011-01-07 07:31   442880   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2011-02-23 16:55 . 2011-01-07 07:31   288256   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-21 20:44 . 2008-10-15 14:25   461680   ----a-w-   C:\Dbgview.exe
2011-02-20 21:17 . 2011-02-20 21:17   --------   d--h--w-   c:\windows\system32\CanonMF Uninstaller Information
2011-02-20 21:17 . 2011-02-20 21:17   --------   d-----w-   c:\program files\Canon
2011-02-20 21:16 . 2007-04-18 22:13   66048   ----a-w-   c:\windows\system32\CNAS0MMK.DLL
2011-02-06 05:00 . 2011-02-06 05:00   --------   d-----w-   c:\program files (x86)\Stunlock Studios
2011-02-06 04:58 . 2011-02-06 04:58   --------   d-----w-   c:\program files (x86)\Microsoft XNA
2011-02-05 21:40 . 2011-02-05 21:40   --------   d-----w-   c:\users\Connor\AppData\Roaming\NVIDIA
2011-02-04 15:50 . 2011-02-04 15:50   --------   d-----w-   c:\users\Connor\AppData\Local\Apple Computer
2011-02-04 15:48 . 2011-02-22 22:42   --------   d-----w-   c:\program files (x86)\Safari
2011-02-04 15:48 . 2011-02-04 15:48   --------   d-----w-   c:\program files\Bonjour
2011-02-04 15:48 . 2011-02-04 15:48   --------   d-----w-   c:\program files (x86)\Bonjour
2011-02-03 05:23 . 2011-02-03 05:23   --------   d-----w-   c:\program files (x86)\Best Buy Rhapsody
2011-02-03 05:19 . 2011-02-10 02:37   --------   d-----w-   c:\program files (x86)\Rhapsody
2011-02-03 02:37 . 2011-02-03 02:37   --------   d-----w-   c:\program files (x86)\E.M. Free Game Capture
2011-02-01 06:41 . 2011-02-01 06:41   --------   d-----w-   C:\Fraps
2011-01-30 19:57 . 2011-01-30 19:57   103864   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 19:57 . 2011-01-30 19:57   103864   ----a-w-   c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-30 13:29 . 2011-01-30 13:30   --------   d-----w-   c:\users\Connor\AppData\Roaming\HgTAgent
2011-01-30 04:27 . 2011-01-30 04:27   --------   d-----w-   c:\program files (x86)\DownloadXCtrl.com
2011-01-30 03:17 . 2011-01-30 03:17   29808   ----a-w-   c:\windows\system32\drivers\Neo_0014.sys
2011-01-30 03:16 . 2011-01-30 03:16   81920   ----a-w-   c:\windows\SysWow64\vpncmd.exe
2011-01-30 03:15 . 2011-03-01 00:04   --------   d-----w-   c:\program files (x86)\PacketiX VPN Client English
2011-01-30 02:13 . 2011-01-30 04:33   --------   d-----w-   C:\HanPurple

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 02:40 . 2011-01-13 14:44   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-01-19 08:26 . 2011-01-19 08:26   86016   ----a-w-   c:\windows\SysWow64\frapsvid.dll
2011-01-19 08:26 . 2011-01-19 08:26   84992   ----a-w-   c:\windows\system32\frapsv64.dll
2011-01-03 06:32 . 2010-01-08 14:14   45056   ----a-w-   c:\windows\system32\acovcnt.exe
2010-12-27 18:55 . 2008-11-25 16:12   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2010-12-27 18:55 . 2008-11-25 16:12   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2010-12-20 23:08 . 2010-12-04 20:31   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
2010-11-06 03:14   2735200   ----a-w-   c:\program files (x86)\OnRPG\tbOnR0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}"= "c:\program files (x86)\OnRPG\tbOnR0.dll" [2010-11-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08   143360   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files (x86)\DNA\btdna.exe" [2010-11-19 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CinemaNowMediaManagerApp"="c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" [2009-06-11 2088296]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"cwcptray"="c:\program files (x86)\ContentWatch\Internet Protection\cwtray.exe" [2010-11-16 353088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-9-15 12862]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-2-22 195072]
PacketiX VPN Client Task Tray.lnk - c:\program files (x86)\PacketiX VPN Client English\vpncmgr.exe [2008-5-15 2682880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44   35760   ----a-w-   c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 19:30   272952   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-09-16 01:33   72248   ----a-w-   c:\windows\AsScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-09-16 01:33   3054136   ----a-w-   c:\windows\AsScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 00:52   104936   ------w-   c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-13 23:11   210216   ------w-   c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 vpnclient;PacketiX VPN Client;c:\program files (x86)\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
R3 dump_wmimmc;dump_wmimmc;c:\hanpurple\elsword\data\GameGuard\dump_wmimmc.sys

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des

R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2010-11-25 179464]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 X6va001;X6va001;c:\users\Connor\AppData\Local\Temp\00199D8.tmp

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2010-11-17 331368]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-11 127352]
S2 CwAltaService20;ContentWatch;c:\program files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2010-11-16 2109440]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-02-25 23680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 5556520]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 127784]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0014.sys [2011-01-30 29808]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2010-11-24 119688]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]


--- Other Services/Drivers In Memory ---

*Deregistered* - pctESPInject

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52   159744   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://elsword.hangame.co.jp/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: cinemanow.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} - hxxp://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF - ProfilePath - c:\users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\ecx7ksuv.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4affd7fd&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Connor\AppData\Roaming\Move Networks
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: SyncPlaces: syncplaces@andyhalford.com - %profile%\extensions\syncplaces@andyhalford.com
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
Wow6432Node-HKCU-Run-Desktop Software - c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe
Wow6432Node-HKCU-Run-FlashGet 3 - c:\program files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Toolbar-Locked - (no file)
WebBrowser-{D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StarCraft - c:\program files (x86)\Common Files\Blizzard Entertainment\StarCraft\Uninstall.exe
AddRemove-StarCraft II Beta - c:\program files (x86)\Common Files\Blizzard Entertainment\StarCraft II Beta\Uninstall.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
AddRemove-{08C5815C-2C6E-44f8-8748-0E61BC9AFB0c} - c:\aeriagames\Latale\Uninstall.exe



[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va001]
"ImagePath"="\??\c:\users\Connor\AppData\Local\Temp\00199D8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
.
**************************************************************************
.
Completion time: 2011-02-28  19:27:23 - machine was rebooted
ComboFix-quarantined-files.txt  2011-03-01 00:27

Pre-Run: 154,079,367,168 bytes free
Post-Run: 153,645,047,808 bytes free

- - End Of File - - F1A411B3A487357B8E8BA3689184727D

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:28:35 PM, on 2/28/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elsword.hangame.co.jp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: OnRPG Toolbar - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\tbOnR0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: OnRPG Toolbar - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\tbOnR0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O4 - Global Startup: PacketiX VPN Client Task Tray.lnk = C:\Program Files (x86)\PacketiX VPN Client English\vpncmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O15 - Trusted Zone: http://*.cinemanow.com
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastBootAgent - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: PacketiX VPN Client (vpnclient) - SoftEther Corporation - C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13018 bytes

[Malware Removal Specialist]

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  KillAll::
  
  File::
  C:\found.000
  c:\users\Connor\AppData\Local\Temp\00199D8.tmp
  
  MBR::
  
  Registry::
  [-HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va001]
  "ImagePath"="\??\c:\users\Connor\AppData\Local\Temp\00199D8.tmp"
  
  DDS::
  Trusted Zone: cinemanow.com
  Trusted Zone: real.com\rhap-app-4-0
  Trusted Zone: real.com\rhapreg
  
  Driver::
  X6va001
  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

I copied the text into notepad and saved it as specified. When I drag it into ComboFix it causes ComboFix to start, I follow the prompts, and then ComboFix just sits there saying scanning for infected files. When I used ComboFix yesterday it was rather quick but today it's really slow. Is something wrong or am I just being impatient?

[Malware Removal Specialist]

When I drag it into ComboFix it causes ComboFix to start, I follow the prompts, and then ComboFix just sits there saying scanning for infected files. When I used ComboFix yesterday it was rather quick but today it's really slow. Is something wrong or am I just being impatient?

Please run a new scan with ComboFix just as you did the first time and post the log.

ComboFix 11-02-28.02 - Connor 03/02/2011  14:08:21.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4095.1940 [GMT -5:00]
Running from: c:\users\Connor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2011-02-02 to 2011-03-02  )))))))))))))))))))))))))))))))
.

2011-03-02 19:14 . 2011-03-02 19:14   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-02 19:14 . 2011-03-02 19:14   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-03-02 03:12 . 2011-02-11 04:31   7947600   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E160FF2A-467B-48FD-A836-B760BC53D1B1}\mpengine.dll
2011-02-28 23:57 . 2011-02-11 04:31   7947600   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-28 23:57 . 2011-02-28 23:56   601424   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92021A4C-7412-4852-B81E-546412346036}\gapaengine.dll
2011-02-28 23:46 . 2011-02-28 23:46   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2011-02-28 23:46 . 2011-02-28 23:47   --------   d-----w-   c:\program files\Microsoft Security Client
2011-02-28 23:46 . 2010-04-09 11:06   374664   ----a-w-   c:\windows\system32\drivers\netio.sys
2011-02-28 03:53 . 2011-02-28 03:53   --------   d-----w-   C:\found.000
2011-02-27 23:37 . 2011-02-27 23:37   388096   ----a-r-   c:\users\Connor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-27 23:37 . 2011-02-27 23:37   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-02-27 23:17 . 2011-02-27 23:17   --------   d-sh--w-   c:\windows\SysWow64\%APPDATA%
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\users\Connor\AppData\Roaming\SUPERAntiSpyware.com
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\programdata\!SASCORE
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-02-27 20:46 . 2011-02-27 20:46   --------   d-----w-   c:\program files\CCleaner
2011-02-27 20:38 . 2010-03-29 16:06   233488   ----a-w-   c:\windows\system32\drivers\PCTCore64.sys
2011-02-27 20:38 . 2010-11-17 15:20   331368   ----a-w-   c:\windows\system32\drivers\pctgntdi64.sys
2011-02-27 20:38 . 2010-11-17 15:20   136168   ----a-w-   c:\windows\system32\drivers\pctwfpfilter64.sys
2011-02-27 20:38 . 2011-02-27 23:17   --------   d-----w-   c:\users\Connor\AppData\Roaming\PCToolsFirewallPlus
2011-02-27 20:37 . 2011-02-27 20:38   --------   d-----w-   c:\program files (x86)\Common Files\PC Tools
2011-02-27 20:37 . 2010-11-24 14:18   119688   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2011-02-27 20:37 . 2010-07-08 14:49   79000   ----a-w-   c:\windows\system32\drivers\pctNdis64.sys
2011-02-27 20:37 . 2010-02-05 14:26   42968   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS64.sys
2011-02-27 20:37 . 2010-11-25 15:42   179464   ----a-w-   c:\windows\system32\drivers\pctplfw64.sys
2011-02-27 20:37 . 2011-02-27 23:17   --------   d-----w-   c:\program files (x86)\PC Tools Firewall Plus
2011-02-27 16:31 . 2011-02-27 21:01   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
2011-02-27 16:31 . 2011-02-27 21:01   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2011-02-27 15:52 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-27 07:49 . 2011-02-27 15:52   --------   d-----w-   c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-02-24 13:49 . 2010-09-14 06:45   367104   ----a-w-   c:\windows\system32\wcncsvc.dll
2011-02-24 13:49 . 2010-09-14 06:07   276992   ----a-w-   c:\windows\SysWow64\wcncsvc.dll
2011-02-23 21:20 . 2011-02-23 21:20   --------   d-----w-   c:\program files (x86)\Common Files\Java
2011-02-23 21:19 . 2011-02-03 02:40   472808   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-23 21:18 . 2011-02-23 21:18   --------   d-----w-   c:\programdata\McAfee
2011-02-23 20:23 . 2011-02-23 20:23   --------   d-----w-   c:\program files (x86)\LOLReplay
2011-02-23 16:55 . 2011-01-07 08:07   662528   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-02-23 16:55 . 2011-01-07 08:07   475648   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-02-23 16:55 . 2011-01-07 07:31   442880   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2011-02-23 16:55 . 2011-01-07 07:31   288256   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-21 20:44 . 2008-10-15 14:25   461680   ----a-w-   C:\Dbgview.exe
2011-02-20 21:17 . 2011-02-20 21:17   --------   d--h--w-   c:\windows\system32\CanonMF Uninstaller Information
2011-02-20 21:17 . 2011-02-20 21:17   --------   d-----w-   c:\program files\Canon
2011-02-20 21:16 . 2007-04-18 22:13   66048   ----a-w-   c:\windows\system32\CNAS0MMK.DLL
2011-02-06 05:00 . 2011-02-06 05:00   --------   d-----w-   c:\program files (x86)\Stunlock Studios
2011-02-06 04:58 . 2011-02-06 04:58   --------   d-----w-   c:\program files (x86)\Microsoft XNA
2011-02-05 21:40 . 2011-02-05 21:40   --------   d-----w-   c:\users\Connor\AppData\Roaming\NVIDIA
2011-02-04 15:50 . 2011-02-04 15:50   --------   d-----w-   c:\users\Connor\AppData\Local\Apple Computer
2011-02-04 15:48 . 2011-02-22 22:42   --------   d-----w-   c:\program files (x86)\Safari
2011-02-04 15:48 . 2011-02-04 15:48   --------   d-----w-   c:\program files\Bonjour
2011-02-04 15:48 . 2011-02-04 15:48   --------   d-----w-   c:\program files (x86)\Bonjour
2011-02-03 05:23 . 2011-02-03 05:23   --------   d-----w-   c:\program files (x86)\Best Buy Rhapsody
2011-02-03 05:19 . 2011-02-10 02:37   --------   d-----w-   c:\program files (x86)\Rhapsody
2011-02-03 02:37 . 2011-02-03 02:37   --------   d-----w-   c:\program files (x86)\E.M. Free Game Capture
2011-02-01 06:41 . 2011-02-01 06:41   --------   d-----w-   C:\Fraps

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 02:40 . 2011-01-13 14:44   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-01-30 03:17 . 2011-01-30 03:17   29808   ----a-w-   c:\windows\system32\drivers\Neo_0014.sys
2011-01-30 03:16 . 2011-01-30 03:16   81920   ----a-w-   c:\windows\SysWow64\vpncmd.exe
2011-01-19 08:26 . 2011-01-19 08:26   86016   ----a-w-   c:\windows\SysWow64\frapsvid.dll
2011-01-19 08:26 . 2011-01-19 08:26   84992   ----a-w-   c:\windows\system32\frapsv64.dll
2011-01-03 06:32 . 2010-01-08 14:14   45056   ----a-w-   c:\windows\system32\acovcnt.exe
2010-12-27 18:55 . 2008-11-25 16:12   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2010-12-27 18:55 . 2008-11-25 16:12   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2010-12-20 23:08 . 2010-12-04 20:31   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
.

(((((((((((((((((((((((((((((   SnapShot@2011-03-01_00.19.51   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-11-15 10:12 . 2011-03-01 00:05   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-15 10:12 . 2011-03-02 19:18   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-15 10:12 . 2011-03-01 00:05   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-15 10:12 . 2011-03-02 19:18   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-15 10:12 . 2011-03-02 19:18   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-15 10:12 . 2011-03-01 00:05   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-15 10:09 . 2011-03-02 19:18   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-15 10:09 . 2011-03-01 00:05   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-15 10:09 . 2011-03-02 19:18   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-15 10:09 . 2011-03-01 00:05   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-01 00:19 . 2011-03-01 00:19   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-02 19:15 . 2011-03-02 19:15   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-02 19:15 . 2011-03-02 19:15   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-01 00:19 . 2011-03-01 00:19   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-02 19:16 . 2011-03-02 19:16   119808              c:\windows\temp\VPN_4CA5\0FC343C0.dll
- 2009-07-14 05:01 . 2011-03-01 00:18   421204              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-03-02 19:15   421204              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-02 19:16 . 2011-03-02 19:16   2240512              c:\windows\temp\VPN_4CA5\9218E5A4.dll
+ 2011-03-02 19:16 . 2011-03-02 19:16   1185288              c:\windows\temp\.unicode_cache_78ae99a9.dat
- 2009-07-14 02:34 . 2011-03-01 00:17   10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-03-02 19:13   10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
2010-11-06 03:14   2735200   ----a-w-   c:\program files (x86)\OnRPG\tbOnR0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}"= "c:\program files (x86)\OnRPG\tbOnR0.dll" [2010-11-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08   143360   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files (x86)\DNA\btdna.exe" [2010-11-19 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CinemaNowMediaManagerApp"="c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" [2009-06-11 2088296]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"cwcptray"="c:\program files (x86)\ContentWatch\Internet Protection\cwtray.exe" [2010-11-16 353088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-9-15 12862]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-2-22 195072]
PacketiX VPN Client Task Tray.lnk - c:\program files (x86)\PacketiX VPN Client English\vpncmgr.exe [2008-5-15 2682880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44   35760   ----a-w-   c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 19:30   272952   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-09-16 01:33   72248   ----a-w-   c:\windows\AsScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-09-16 01:33   3054136   ----a-w-   c:\windows\AsScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 00:52   104936   ------w-   c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-13 23:11   210216   ------w-   c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\hanpurple\elsword\data\GameGuard\dump_wmimmc.sys

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des

R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2010-11-25 179464]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 X6va001;X6va001;c:\users\Connor\AppData\Local\Temp\00199D8.tmp

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2010-11-17 331368]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-11 127352]
S2 CwAltaService20;ContentWatch;c:\program files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2010-11-16 2109440]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-02-25 23680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 5556520]
S2 vpnclient;PacketiX VPN Client;c:\program files (x86)\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 127784]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0014.sys [2011-01-30 29808]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2010-11-24 119688]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]


--- Other Services/Drivers In Memory ---

*Deregistered* - pctESPInject

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52   159744   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://elsword.hangame.co.jp/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: cinemanow.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} - hxxp://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF - ProfilePath - c:\users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\ecx7ksuv.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4affd7fd&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Connor\AppData\Roaming\Move Networks
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: SyncPlaces: syncplaces@andyhalford.com - %profile%\extensions\syncplaces@andyhalford.com
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} - (no file)



[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va001]
"ImagePath"="\??\c:\users\Connor\AppData\Local\Temp\00199D8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-03-02  14:28:39 - machine was rebooted
ComboFix-quarantined-files.txt  2011-03-02 19:28
ComboFix2.txt  2011-03-01 00:27

Pre-Run: 151,860,076,544 bytes free
Post-Run: 151,543,152,640 bytes free

- - End Of File - - 23EA89062DC553092AB6FA63FD063DA4

[Malware Removal Specialist]

Please boot in Safe Mode and run the ComboFix Script as instructed in Reply # 6 and post the log.

Safe Mode

It still didn't work.

[Malware Removal Specialist]

Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]

:OTL
Trusted Zone: cinemanow.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg

:files
C:\found.000
c:\users\Connor\AppData\Local\Temp\00199D8.tmp

:reg
[-HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va001]
"ImagePath"="\??\c:\users\Connor\AppData\Local\Temp\00199D8.tmp"

:services
X6va001

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

All processes killed
========== OTL ==========
========== FILES ==========
C:\found.000 folder moved successfully.
File\Folder c:\users\Connor\AppData\Local\Temp\00199D8.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va001\ deleted successfully.
HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va001\\"ImagePath"|"\??\c:\users\Connor\AppData\Local\Temp\00199D8.tmp" /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service X6va001 stopped successfully!
Service X6va001 deleted successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Connor
->Temp folder emptied: 153767807 bytes
->Temporary Internet Files folder emptied: 26747089 bytes
->Java cache emptied: 82550203 bytes
->FireFox cache emptied: 62768548 bytes
->Apple Safari cache emptied: 97220608 bytes
->Flash cache emptied: 20670 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3702551 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 6808340219 bytes
 
Total Files Cleaned = 6,900.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03102011_162012

Files\Folders moved on Reboot...
C:\Users\Connor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\VPN_4ACD\9218E5A4.dll not found!
File\Folder C:\Windows\temp\VPN_4ACD\VPN_Lock.dat not found!

Registry entries deleted on Reboot...

[Malware Removal Specialist]

Can you please run ComboFix again and post the log?