Hi Dave,
Thank you for your reply. Please find requested logs copied below:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5663
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
03/02/2011 03:27:31
mbam-log-2011-02-03 (03-27-31).txt
Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 215097
Time elapsed: 41 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Not selected for removal.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Users\FUJITSU\AppData\Roaming\whitesmoketranslator (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup (PUP.WhiteSmoke) -> Not selected for removal.
Files Infected:
c:\microgaming\Poker\pokertimempp\install.exe (PUP.Casino.Gen) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmoketranslator\stat.log (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\0x0409.ini (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\config.txt (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\data1.cab (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\data1.hdr (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\data2.cab (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\layout.bin (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\setup.ini (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\setup.inx (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\setup.iss (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\setup.log (PUP.WhiteSmoke) -> Not selected for removal.
c:\Users\FUJITSU\AppData\Roaming\whitesmokesetup\setup.ocx (PUP.WhiteSmoke) -> Not selected for removal.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/03/2011 at 04:51 AM
Application Version : 4.48.1000
Core Rules Database Version : 6330
Trace Rules Database Version: 4142
Scan type : Complete Scan
Total Scan Time : 01:00:44
Memory items scanned : 573
Memory threats detected : 0
Registry items scanned : 7240
Registry threats detected : 5
File items scanned : 78359
File threats detected : 12
PUP.Whitesmoke
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\0x0409.ini
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\config.txt
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\data1.cab
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\data1.hdr
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\data2.cab
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\layout.bin
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\setup.ini
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\setup.inx
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\setup.iss
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\setup.log
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP\setup.ocx
C:\Users\FUJITSU\AppData\Roaming\WHITESMOKESETUP
HKLM\SOFTWARE\WhiteSmokeTranslator
HKLM\SOFTWARE\WhiteSmokeTranslator#InstallOption
HKLM\SOFTWARE\WhiteSmokeTranslator#DistID
HKLM\SOFTWARE\WhiteSmokeTranslator#SerialKey
HKU\S-1-5-21-3240795352-2179653177-716154972-1000\Software\WhiteSmokeTranslator
Results of screen317's Security Check version 0.99.8
Windows 7
(UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2011
Trend Micro Titanium Internet Security
Trend Micro™ Titanium™ Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player 10.1.102.64
Adobe Reader X
````````````````````````````````
Process Check:
objlist.exe by Laurent
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP coreFrameworkHost.exe
``````````End of Log````````````
DDS (Ver_10-12-12.02) - NTFSx86
Run by FUJITSU at 5:01:32.93 on 03/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1913.953 [GMT 0:00]
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\FUJITSU\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80134&lng=en
mStart Page = hxxp://uk.yahoo.com
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\fujitsu\appdata\roaming\mozilla\firefox\profiles\uxf6sb5a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642709&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d11bf4f&v=6.010.023.001&i=26&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\firefoxextension\components\TmFFExt.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: SearchElf 1.2 Community Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - %profile%\extensions\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\firefoxextension
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-2-2 196320]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-2-2 64080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 AMService;AMService;c:\windows\temp\wqqd\setup.exe run --> c:\windows\temp\wqqd\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
=============== Created Last 30 ================
2011-02-03 02:43:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-02 03:31:11 388096 ----a-r- c:\users\fujitsu\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-02 03:01:14 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-02-02 03:01:06 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-02-02 03:01:06 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-02-02 03:01:06 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-02-02 02:57:54 -------- d-----w- c:\progra~2\Trend Micro
2011-02-02 02:57:53 -------- d-----w- c:\program files\Trend Micro
2011-02-01 09:42:28 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{43358f64-bba4-4d37-8584-2b2481887d7f}\mpengine.dll
2011-01-30 07:56:09 -------- d-----w- c:\users\fujitsu\appdata\local\Yoga Poker
2011-01-30 07:55:46 -------- d---a-w- c:\program files\Yoga Poker
2011-01-30 07:19:54 -------- d-----w- c:\users\fujitsu\appdata\roaming\Absolute Poker
2011-01-30 07:19:38 -------- d-----w- C:\Poker Application
2011-01-30 07:01:31 -------- d-----w- c:\progra~2\Pokernet
2011-01-30 07:00:55 -------- d-----w- c:\users\fujitsu\appdata\roaming\MyPokerLab
2011-01-30 07:00:04 -------- d-----w- C:\Microgaming
2011-01-30 04:25:51 -------- d-----w- c:\users\fujitsu\appdata\roaming\Mozilla-Cache
2011-01-26 14:33:10 -------- d-----w- c:\users\fujitsu\appdata\local\Apple
==================== Find3M ====================
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-08 01:20:24 89088 ----a-w- c:\windows\MBR.exe
============= FINISH: 5:02:51.96 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/01/2010 15:17:57
System Uptime: 03/02/2011 03:29:53 (2 hours ago)
Motherboard: FUJITSU SIEMENS | | EF7
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | U2E1 | 2194/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 40 GiB total, 6.119 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 14.545 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 92 GiB total, 25.826 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP393: 02/02/2011 03:30:25 - Installed HiJackThis
==== Installed Programs ======================
AbiWord 2.8.6
Absolute Poker
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
AVG 2011
BitTorrent
CCleaner
Debut Video Capture Software
Full Tilt Poker
Google Updater
HiJackThis
Java Auto Updater
Java(TM) 6 Update 23
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
OGA Notifier 2.0.0048.0
SUPERAntiSpyware
Trend Micro Titanium Internet Security
Trend Micro™ Titanium™ Internet Security
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Media Player Firefox Plugin
==== Event Viewer Messages From Past Week ========
28/01/2011 04:09:38, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
27/01/2011 09:01:23, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3A31D15F-69F1-47CA-A807-C03173B72555} because another computer on the network has the same name. The server could not start.
03/02/2011 03:30:24, Error: Service Control Manager [7000] - The lxcy_device service failed to start due to the following error: The system cannot find the file specified.
02/02/2011 03:13:22, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).
01/02/2011 11:36:55, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
==== End Of File ===========================
Kind Regards
Gary