Messages - Cubanicana

1
Somehow I knew it would come down to this :(. So do I need to run TDSSKiller before reinstalling the operating system? Or is that just the next step if I wanted to proceed without reinstalling Windows?

2
OK, I downloaded the latest version of Java. After restarting my computer a million times, I was finally able to run ComboFix.

ComboFix 11-01-08.05 - ccity1 01/09/2011  23:50:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1982.1453 [GMT -5:00]
Running from: c:\users\ccity1\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\windows
c:\users\ccity1\AppData\Roaming\Microsoft\Windows\Recent\zMapper.url
D:\Autorun.inf

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((   Files Created from 2010-12-10 to 2011-01-10  )))))))))))))))))))))))))))))))
.

2011-01-10 05:04 . 2011-01-10 05:05   --------   d-----w-   c:\users\ccity1\AppData\Local\temp
2011-01-10 05:04 . 2011-01-10 05:04   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-01-10 03:44 . 2011-01-10 03:44   --------   d-----w-   c:\program files\Common Files\Java
2011-01-10 03:44 . 2011-01-10 03:43   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-10 03:44 . 2011-01-10 03:43   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-01-10 03:43 . 2011-01-10 03:43   --------   d-----w-   c:\program files\Java
2011-01-04 00:25 . 2011-01-04 00:25   --------   d-----w-   c:\program files\ESET
2011-01-01 23:59 . 2011-01-02 02:35   --------   d-----w-   c:\program files\Windows Live Safety Center
2011-01-01 23:48 . 2010-11-16 17:01   6273872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F292F41-2F3C-49C5-A3DA-E29A1F5BC6A6}\mpengine.dll
2010-12-30 23:11 . 2010-09-13 13:56   168960   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
2010-12-30 23:11 . 2010-09-13 13:56   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
2010-12-30 23:10 . 2010-09-06 16:20   125952   ----a-w-   c:\windows\system32\srvsvc.dll
2010-12-30 23:10 . 2010-09-06 13:45   304128   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-12-30 23:10 . 2010-09-06 13:45   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2010-12-30 23:10 . 2010-09-06 13:45   145408   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-12-30 23:09 . 2010-09-06 16:19   17920   ----a-w-   c:\windows\system32\netevent.dll
2010-12-30 23:08 . 2010-10-12 13:41   515584   ----a-w-   c:\program files\Windows Mail\wab.exe
2010-12-30 23:08 . 2010-10-12 15:53   33280   ----a-w-   c:\program files\Windows Mail\wabfind.dll
2010-12-30 23:08 . 2010-10-12 13:41   66048   ----a-w-   c:\program files\Windows Mail\wabmig.exe
2010-12-30 23:08 . 2010-08-10 15:53   274944   ----a-w-   c:\windows\system32\schannel.dll
2010-12-30 23:08 . 2010-06-28 17:00   1316864   ----a-w-   c:\windows\system32\ole32.dll
2010-12-30 23:08 . 2010-06-28 14:54   339968   ----a-w-   c:\program files\Windows NT\Accessories\wordpad.exe
2010-12-30 23:06 . 2010-10-28 15:44   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-12-30 23:05 . 2010-05-27 20:08   739328   ----a-w-   c:\windows\system32\inetcomm.dll
2010-12-30 23:05 . 2010-08-31 15:44   531968   ----a-w-   c:\windows\system32\comctl32.dll
2010-12-30 23:05 . 2010-05-04 19:13   231424   ----a-w-   c:\windows\system32\msshsq.dll
2010-12-29 19:19 . 2010-04-16 16:46   502272   ----a-w-   c:\windows\system32\usp10.dll
2010-12-29 18:23 . 2010-12-03 19:35   719832   ----a-w-   c:\program files\Mozilla Firefox\mozcpp19.dll
2010-12-29 18:23 . 2010-12-03 19:35   16856   ----a-w-   c:\program files\Mozilla Firefox\plugin-container.exe
2010-12-27 20:07 . 2010-12-27 20:07   --------   d-----w-   c:\users\ccity1\AppData\Local\Secunia PSI
2010-12-27 20:07 . 2010-12-27 20:07   --------   d-----w-   c:\program files\Secunia

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-02-25 18:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-02-25 18:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-10-19 15:41 . 2010-03-23 11:39   222080   ------w-   c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52   50736   ----a-w-   c:\program files\Common Files\AOL\1193150619\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 hsckk;hsckk;c:\windows\System32\drivers\nyqks.sys

R0 ojceg;ojceg;c:\windows\System32\drivers\lhemlug.sys

R0 rgfvg;rgfvg;c:\windows\System32\drivers\mgbg.sys

R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3423
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ccity1\AppData\Roaming\Mozilla\Firefox\Profiles\htvq1efz.default\
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 00:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST9160821A rev.3.ALC -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x858F8735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x858fe990]; MOV EAX, [0x858fea0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x81C89962] -> \Device\Harddisk0\DR0[0x8525D780]
3 CLASSPNP[0x827A18B3] -> ntkrnlpa!IofCallDriver[0x81C89962] -> [0x83E20CA0]
5 acpi[0x806116BC] -> ntkrnlpa!IofCallDriver[0x81C89962] -> [0x84BE7528]
\Driver\atapi[0x853600F0] -> IRP_MJ_CREATE -> 0x858F8735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP;  }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST9160821A______________________________3.ALC___#5&6cd5a4e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
copy of MBR has been found in sector 31 !
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-01-10  00:12:08
ComboFix-quarantined-files.txt  2011-01-10 05:12

Pre-Run: 80,346,726,400 bytes free
Post-Run: 80,428,863,488 bytes free

- - End Of File - - 1126B235805018007BE3A2D353765FE7

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:53 AM, on 1/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3423
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3551 bytes

Also, the virus showed its face again, so I ran a Malwarebytes scan; this was done before ComboFix...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5491

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

1/9/2011 10:22:17 PM
mbam-log-2011-01-09 (22-22-17).txt

Scan type: Quick scan
Objects scanned: 135377
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 29
Files Infected: 142

Memory Processes Infected:
c:\program files\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> 1476 -> Unloaded process successfully.
c:\program files\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> 2108 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{F33928A1-8849-48DE-BECB-829D7727AAF2} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{064E314E-2382-46F2-A93A-239C7115579A} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{54DE313F-2261-4B8E-A699-9AE1D69BC7C9} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D8A3085-A097-4312-B6A4-49FF1A4A460B} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WCaptureX.WResult.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WCaptureX.WResult (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C7E06D1D-4099-43D4-8C22-718E39713773} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{68D76969-99CA-4057-9C66-9D0C6F497528} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{BB283CBF-EB78-4438-BC3A-7563ED7FEDBF} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX.1 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\whitesmoke translator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\iepngfix (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\style (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\style (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\style (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\style (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\whitesmoke translator\buy.ico (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\comvistaelevator.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\dictionary48x48.ico (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\license_agreement_translator.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\osmax.ocx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\secman.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\settings.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\TCCons.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\WCapture.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\wcapturex.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\WCustom.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\WHook.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\wmonitorx.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\wsdicthookdll.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\WSLogger.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\iepngfix\blank.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\iepngfix\checkerboard.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\iepngfix\helix.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\iepngfix\iepngfix.htc (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\iepngfix\iepngfix.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\iepngfix\opacity.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\js\common.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\js\pngfix.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\js\prototype.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\common\js\xmlhttp.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\spacer.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\ajax-loader.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\bottom_bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\bottom_left_corner.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\corner_bottom_left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\corner_bottom_right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\corner_top_left.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\corner_top_right.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\down_arrow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\empty.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\input_bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\left_input.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\loading_dictionary.swf (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\resize.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\right_input.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\background\search_strip_bg3.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\idioms_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\dictionary_disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\dictionary_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\dictionary_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\dictionary_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\down_arrow.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\go_disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\go_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\go_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\go_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\idioms_disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\idioms_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\idioms_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\thesaurus_disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\thesaurus_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\thesaurus_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\thesaurus_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translate_normal.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translate_pressed.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translate_rollover.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_disabled.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\Buttons\translation_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_max_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_bar_min_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_off.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_dictionary_roll_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip_right_corner.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_strip_right_corner.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_off.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\caption_translation_roll_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\captionbar\logo.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg_bottom.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_bg_top.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_captionbar_press.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\img\popup\screen_captionbar_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\common.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\contextmenu.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\dictinterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\jquery.combobox.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\jquery.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\prototype.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\js\xmlhttp.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\style\combobox.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\style\contextmenu.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientdic\style\dictionary.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\body_bg.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\congra.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_click.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\continue_button_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\intro.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\welcome.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\img\captionbar\logo.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\js\reginterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientregistration\style\registration.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\index.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\welcome_all.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\welcome_expired.html (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\buy_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_over.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\caption_bar_close_up.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\close_button_down.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\expired_bg.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\translator-welcome-final.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.jpg (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\use_ws_bgnew.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\background\attic\use_ws_bgnew.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\arrow_white.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\caption_strip.png (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\left_bot_chunk.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\right_bot_chunk.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\img\captionbar\white_x_button.gif (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\js\iframeinterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\content\style\welcome.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\js\welcomeinterface.js (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\program files\whitesmoke translator\html\english\dictclientwelcome\style\welcomescreen.css (PUP.WhiteSmoke) -> Quarantined and deleted successfully..


After performing all these steps, I am still having issues with the browser rerouting itself to another webpage. I could not run the Windows Live scan b/c IE is saying there are proxy settings issues. Hope this all helps ;)

3
Here is the RSIT log I ran after completing the TFC. I am only able to connect by using auto-detect proxy settings on Mozilla, but now cannot connect to IE.

Logfile of random's system information tool 1.06 (written by random/random)
Run by ccity1 at 2011-01-04 20:29:26
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 77 GB (54%) free of 142 GB
Total RAM: 1982 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:29 PM, on 1/4/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\ccity1\Desktop\RSIT.exe
C:\Program Files\trend micro\ccity1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3423
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3423
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3423
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4571 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-17 815104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-12-20 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-20 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-20 81920]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-05-03 40072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1193150619\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
 []

C:\Users\ccity1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-01-03 19:25:16 ----D---- C:\Program Files\ESET
2011-01-01 18:59:06 ----D---- C:\Program Files\Windows Live Safety Center
2010-12-30 18:11:45 ----A---- C:\Windows\system32\wmp.dll
2010-12-30 18:11:41 ----A---- C:\Windows\system32\wmploc.DLL
2010-12-30 18:10:01 ----A---- C:\Windows\system32\srvsvc.dll
2010-12-30 18:09:59 ----A---- C:\Windows\system32\netevent.dll
2010-12-30 18:08:48 ----A---- C:\Windows\system32\schannel.dll
2010-12-30 18:08:39 ----A---- C:\Windows\system32\ole32.dll
2010-12-30 18:07:57 ----A---- C:\Windows\system32\spoolsv.exe
2010-12-30 18:07:41 ----A---- C:\Windows\system32\t2embed.dll
2010-12-30 18:07:36 ----A---- C:\Windows\system32\MP4SDECD.DLL
2010-12-30 18:07:31 ----A---- C:\Windows\system32\mfc40.dll
2010-12-30 18:07:30 ----A---- C:\Windows\system32\mfc40u.dll
2010-12-30 18:07:24 ----A---- C:\Windows\system32\wmpmde.dll
2010-12-30 18:07:20 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-30 18:07:19 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-30 18:07:19 ----A---- C:\Windows\system32\taskschd.dll
2010-12-30 18:07:19 ----A---- C:\Windows\system32\taskeng.exe
2010-12-30 18:07:19 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-30 18:07:06 ----A---- C:\Windows\system32\consent.exe
2010-12-30 18:06:59 ----A---- C:\Windows\system32\atmlib.dll
2010-12-30 18:06:59 ----A---- C:\Windows\system32\atmfd.dll
2010-12-30 18:06:58 ----A---- C:\Windows\system32\fontsub.dll
2010-12-30 18:06:50 ----A---- C:\Windows\system32\mstime.dll
2010-12-30 18:06:49 ----A---- C:\Windows\system32\ieframe.dll
2010-12-30 18:06:47 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-30 18:06:45 ----A---- C:\Windows\system32\mshtml.dll
2010-12-30 18:06:44 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-30 18:06:43 ----A---- C:\Windows\system32\wininet.dll
2010-12-30 18:06:41 ----A---- C:\Windows\system32\urlmon.dll
2010-12-30 18:06:40 ----A---- C:\Windows\system32\iepeers.dll
2010-12-30 18:06:39 ----A---- C:\Windows\system32\ieencode.dll
2010-12-30 18:06:38 ----A---- C:\Windows\system32\ieapfltr.dll
2010-12-30 18:06:17 ----A---- C:\Windows\system32\tzres.dll
2010-12-30 18:05:13 ----A---- C:\Windows\system32\inetcomm.dll
2010-12-30 18:05:07 ----A---- C:\Windows\system32\comctl32.dll
2010-12-30 18:05:01 ----A---- C:\Windows\system32\msshsq.dll
2010-12-29 14:19:12 ----A---- C:\Windows\system32\usp10.dll
2010-12-27 20:04:10 ----D---- C:\Windows\Minidump
2010-12-27 15:07:36 ----D---- C:\Program Files\Secunia
2010-12-27 13:40:23 ----D---- C:\32788R22FWJFW
2010-12-26 20:29:03 ----SD---- C:\ComboFix
2010-12-26 16:49:55 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2011-01-04 22:11:07 ----SHD---- C:\System Volume Information
2011-01-04 20:29:27 ----D---- C:\Program Files\trend micro
2011-01-04 20:22:05 ----A---- C:\Windows\ntbtlog.txt
2011-01-04 20:20:22 ----D---- C:\Windows
2011-01-04 20:11:35 ----D---- C:\Windows\Temp
2011-01-04 20:11:34 ----D---- C:\Windows\System32
2011-01-04 19:00:19 ----D---- C:\Windows\ERDNT
2011-01-04 18:59:32 ----D---- C:\Program Files\ERUNT
2011-01-04 18:56:51 ----D---- C:\Windows\system32\drivers
2011-01-03 19:25:18 ----SD---- C:\Windows\Downloaded Program Files
2011-01-03 19:25:16 ----RD---- C:\Program Files
2011-01-03 00:51:55 ----AD---- C:\ProgramData\TEMP
2011-01-01 23:02:59 ----SHD---- C:\Windows\Installer
2011-01-01 23:02:59 ----D---- C:\ProgramData\DivX
2011-01-01 23:02:59 ----D---- C:\Program Files\Common Files
2011-01-01 23:02:58 ----D---- C:\Windows\winsxs
2011-01-01 23:02:48 ----D---- C:\Program Files\DivX
2011-01-01 23:02:48 ----D---- C:\Program Files\Common Files\PX Storage Engine
2011-01-01 22:52:15 ----D---- C:\Windows\OPTIONS
2011-01-01 22:02:26 ----HD---- C:\Windows\inf
2011-01-01 22:02:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-31 19:37:09 ----D---- C:\Windows\rescache
2010-12-31 19:21:28 ----D---- C:\Windows\system32\Tasks
2010-12-31 09:41:12 ----D---- C:\Windows\Microsoft.NET
2010-12-31 09:41:11 ----RSD---- C:\Windows\assembly
2010-12-31 09:04:39 ----D---- C:\Windows\system32\en-US
2010-12-31 09:04:39 ----D---- C:\Program Files\Windows Media Player
2010-12-31 09:04:38 ----D---- C:\Program Files\Windows Mail
2010-12-30 17:41:43 ----D---- C:\Program Files\Gateway Games
2010-12-30 17:40:12 ----D---- C:\ProgramData\FLEXnet
2010-12-29 23:45:41 ----HD---- C:\ProgramData
2010-12-29 23:44:12 ----HD---- C:\Windows\system32\GroupPolicy
2010-12-29 23:36:21 ----D---- C:\Windows\system32\catroot2
2010-12-29 21:39:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-29 21:39:51 ----D---- C:\Windows\tracing
2010-12-29 13:23:09 ----D---- C:\Program Files\Mozilla Firefox
2010-12-28 22:49:43 ----D---- C:\ProgramData\Microsoft Help
2010-12-28 20:33:37 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-28 20:20:11 ----D---- C:\Windows\system32\catroot
2010-12-28 20:10:41 ----D---- C:\Windows\Debug
2010-12-28 15:27:20 ----D---- C:\Windows\Tasks
2010-12-27 19:59:22 ----D---- C:\Windows\Panther
2010-12-27 19:34:09 ----D---- C:\Users\ccity1\AppData\Roaming\uTorrent
2010-12-27 19:24:00 ----D---- C:\Windows\system32\wbem
2010-12-27 19:23:17 ----D---- C:\Windows\system32\config
2010-12-27 19:22:29 ----D---- C:\Program Files\Common Files\Services
2010-12-27 19:22:27 ----D---- C:\Windows\system32\spool
2010-12-27 19:22:27 ----D---- C:\Windows\system32\Msdtc
2010-12-27 19:22:27 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-27 19:22:27 ----D---- C:\Windows\SMINST
2010-12-27 19:22:18 ----D---- C:\Program Files\uTorrent
2010-12-27 19:22:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-27 19:22:15 ----D---- C:\Program Files\Java
2010-12-27 19:22:13 ----D---- C:\Program Files\Common Files\Java
2010-12-27 19:22:13 ----D---- C:\Program Files\BigFix
2010-12-27 19:22:03 ----D---- C:\Windows\registration
2010-12-27 19:01:48 ----SD---- C:\Users\ccity1\AppData\Roaming\Microsoft
2010-12-26 21:08:21 ----D---- C:\Windows\MSAgent
2010-12-26 14:32:00 ----D---- C:\Windows\SoftwareDistribution
2010-12-26 14:25:37 ----D---- C:\Windows\Prefetch
2010-12-08 21:34:08 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-17 181176]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2006-12-20 49904]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-20 4448160]
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-01-02 649216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-27 654848]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-03 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

4
Sorry about last night, I wasn't able to get on. So I ran ESET; the log is below. I redid the proxy settings and was still not able to connect to the internet on my network, but was able to connect to someone else's network, which I am no longer able to do today. I also began receiving more threat alerts, and now every time I try to connect to the internet in normal mode the browser page automatically connects to some porn or anti-virus ad... :hysterical: So I am back to safe mode w/ networking. What next?

C:\Users\ccity1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\20d825dc-6762c1ae   probably a variant of Win32/Agent.FXHNPDJ trojan

5
Hello everyone, Happy New YEAR! So since the last time I've been on I am no longer able to connect to the internet. I keep getting a message on IE and Mozilla re the proxy settings... I am at work now, I have my desktop hooked up at home, so I'll jump back on when I get home tonight. Thanks so much for all of your help!

6
I found the program but I was only able to remove two of the items. I ran a scan through Malwarebytes and nothing was found. Also I keep getting the message that says host process has stopped working.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5427

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/31/2010 9:19:48 AM
mbam-log-2010-12-31 (09-19-48).txt

Scan type: Quick scan
Objects scanned: 135164
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

7
OK so I got 2 BSODs after running the flush.bat file and can only restart in safe mode. I ran RSIT but it didn't give me an option to check anything, it was just a log that popped up. It said running HijackThis, so unless I should be running something else, not sure what went wrong. I went ahead and changed the proxy settings, what next?

8
Here is the RSIT log. I also got a pop-up saying something to the tune of a host not working... And I'm still getting the crash dump screen, I just restart automatically and I was able to work in normal mode.

Logfile of random's system information tool 1.06 (written by random/random)
Run by ccity1 at 2010-12-29 13:15:36
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 75 GB (53%) free of 142 GB
Total RAM: 1982 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:37 PM, on 12/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Users\ccity1\Desktop\Unused Desktop\RSIT.exe
C:\Program Files\trend micro\ccity1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3423
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3423
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3423
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [FDScreensaver] C:\fdscreensaver.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [JP595IR86O] C:\Windows\TEMP\Tjx.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [JP595IR86O] C:\Windows\TEMP\Tjx.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6832 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-17 815104]
"BigFix"=c:\program files\Bigfix\bigfix.exe [2006-11-16 2348584]
"FDScreensaver"=C:\fdscreensaver.exe []
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-12-20 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-12-20 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-12-20 81920]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-03-05 1135912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-05-03 40072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1193150619\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-12-28 15:49:46 ----A---- C:\Windows\system32\lspE003.tmp
2010-12-28 15:49:46 ----A---- C:\Windows\system32\lspE003.dll
2010-12-27 20:04:10 ----D---- C:\Windows\Minidump
2010-12-27 15:07:36 ----D---- C:\Program Files\Secunia
2010-12-27 13:40:23 ----D---- C:\32788R22FWJFW
2010-12-26 20:29:03 ----SD---- C:\ComboFix
2010-12-26 16:49:55 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2010-12-29 13:15:36 ----D---- C:\Windows\Temp
2010-12-29 13:15:36 ----D---- C:\Program Files\trend micro
2010-12-29 12:36:13 ----HD---- C:\Windows\inf
2010-12-29 12:36:13 ----D---- C:\Windows\System32
2010-12-29 12:36:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-29 12:06:24 ----D---- C:\Windows
2010-12-28 22:49:47 ----SHD---- C:\Windows\Installer
2010-12-28 22:49:43 ----D---- C:\ProgramData\Microsoft Help
2010-12-28 20:33:37 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-28 20:31:47 ----D---- C:\Windows\Microsoft.NET
2010-12-28 20:31:29 ----RSD---- C:\Windows\assembly
2010-12-28 20:20:11 ----D---- C:\Windows\system32\catroot
2010-12-28 20:20:06 ----D---- C:\Windows\winsxs
2010-12-28 20:19:22 ----D---- C:\Windows\system32\catroot2
2010-12-28 20:10:41 ----D---- C:\Windows\Debug
2010-12-28 17:23:57 ----D---- C:\Windows\system32\drivers
2010-12-28 17:23:16 ----D---- C:\Windows\tracing
2010-12-28 15:50:09 ----A---- C:\Windows\ntbtlog.txt
2010-12-28 15:40:44 ----D---- C:\Program Files\Mozilla Firefox
2010-12-28 15:27:20 ----D---- C:\Windows\Tasks
2010-12-28 14:40:48 ----D---- C:\Windows\ERDNT
2010-12-27 19:59:22 ----D---- C:\Windows\Panther
2010-12-27 19:59:07 ----HD---- C:\ProgramData
2010-12-27 19:34:09 ----D---- C:\Users\ccity1\AppData\Roaming\uTorrent
2010-12-27 19:24:00 ----D---- C:\Windows\system32\wbem
2010-12-27 19:23:17 ----D---- C:\Windows\system32\config
2010-12-27 19:22:29 ----D---- C:\Program Files\Common Files\Services
2010-12-27 19:22:27 ----D---- C:\Windows\system32\spool
2010-12-27 19:22:27 ----D---- C:\Windows\system32\Msdtc
2010-12-27 19:22:27 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-27 19:22:27 ----D---- C:\Windows\SMINST
2010-12-27 19:22:27 ----D---- C:\Windows\rescache
2010-12-27 19:22:18 ----D---- C:\Program Files\uTorrent
2010-12-27 19:22:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-27 19:22:15 ----RD---- C:\Program Files
2010-12-27 19:22:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-27 19:22:15 ----D---- C:\Program Files\Java
2010-12-27 19:22:14 ----D---- C:\Program Files\Gateway Games
2010-12-27 19:22:13 ----D---- C:\Program Files\ERUNT
2010-12-27 19:22:13 ----D---- C:\Program Files\Common Files\Java
2010-12-27 19:22:13 ----D---- C:\Program Files\Common Files
2010-12-27 19:22:13 ----D---- C:\Program Files\BigFix
2010-12-27 19:22:13 ----D---- C:\Program Files\Ares
2010-12-27 19:22:03 ----D---- C:\Windows\registration
2010-12-27 19:21:57 ----D---- C:\Program Files\Windows Media Player
2010-12-27 19:14:56 ----SHD---- C:\System Volume Information
2010-12-27 19:01:48 ----SD---- C:\Users\ccity1\AppData\Roaming\Microsoft
2010-12-26 21:08:21 ----D---- C:\Windows\MSAgent
2010-12-26 14:32:00 ----D---- C:\Windows\SoftwareDistribution
2010-12-26 14:25:37 ----D---- C:\Windows\Prefetch
2010-12-26 14:20:07 ----D---- C:\Windows\system32\Tasks
2010-12-26 12:00:39 ----AD---- C:\ProgramData\TEMP
2010-12-08 21:34:08 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-20 4448160]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver; C:\Windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-01-02 649216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-17 181176]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2006-12-20 49904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-27 654848]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-03 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
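The RSIT/HijackThis log above is the kind of thing a helper reads by hand, looking for a few specific patterns first. The following script is an added example, not part of this thread or of the RSIT/HijackThis tools themselves: it encodes those first-pass checks as rules over HijackThis-format lines. The sample lines it contains are constructed to mirror the entry formats shown above (a browser proxy aimed at the loopback address, an autorun entry launching from a temp directory, repeated "Unknown file in Winsock LSP" entries, and a BHO whose DLL is missing). A hit means "verify this entry", not a verdict of malware; the rule names and thresholds are this example's own assumptions.

```python
"""Triage of HijackThis-style log lines (added example, not from the forum thread).

The sample log below is constructed; its line formats follow HijackThis 2.x output.
Each rule flags an entry a helper would want explained before trusting the system:
  R1  ProxyServer pointing at 127.0.0.1/localhost (something local is relaying browser traffic)
  O4  Run entries launching from a TEMP directory or with a random-looking value name
  O10 Winsock LSP modules the scanner does not recognise (deduplicated, with a count)
  O2  BHO registrations whose DLL is gone (orphaned, low severity)
Entries that match nothing, such as the default 'O1 - Hosts: ::1 localhost', are left alone.
"""
import re
from collections import Counter

# Constructed sample log; values modelled on the post above, not taken from a live system.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKUS\S-1-5-18\..\Run: [JP595IR86O] C:\Windows\TEMP\Tjx.exe (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspe003.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# "R1 - body" / "O4 - body": section tag, a literal " - ", then the rest of the line.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
LOOPBACK = re.compile(r"127\.0\.0\.1|localhost|::1", re.IGNORECASE)
TEMP_PATH = re.compile(r"\\temp\\", re.IGNORECASE)
# Value name of 8+ upper-case letters/digits containing at least one digit, e.g. [JP595IR86O].
RANDOM_NAME = re.compile(r"\[(?=[A-Z0-9]*\d)[A-Z0-9]{8,}\]")


def parse(log_text):
    """Return (section, body) pairs for every line in HijackThis format; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def _finding(section, severity, reason, text):
    return {"section": section, "severity": severity, "reason": reason, "text": text}


def triage(log_text):
    """Apply the first-pass rules and return findings in log order (O10 hits are merged at the end)."""
    findings = []
    lsp_hits = Counter()
    for section, body in parse(log_text):
        if section == "R1" and "ProxyServer" in body and LOOPBACK.search(body):
            findings.append(_finding(section, "high",
                "browser proxy points at the loopback address; a local component is relaying browser traffic", body))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(_finding(section, "low",
                "BHO registration whose DLL no longer exists; orphaned entry, safe to remove", body))
        elif section == "O4" and (TEMP_PATH.search(body) or RANDOM_NAME.search(body)):
            findings.append(_finding(section, "high",
                "autorun entry launches from a temp directory or uses a random-looking value name", body))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            lsp_hits[body.split(":", 1)[1].strip().lower()] += 1
    for path, count in lsp_hits.items():
        findings.append(_finding("O10", "medium",
            f"Winsock LSP module not recognised by the scanner ({count} catalog entries); "
            "verify the file's publisher and hash before removing it", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:>6}] {f['section']}: {f['reason']}\n         {f['text']}")
```

The O10 rule deduplicates on purpose: HijackThis prints one line per Winsock catalog entry, so a single unrecognised LSP DLL shows up dozens of times, as in the log above; one finding with a count is easier to act on than thirty identical lines.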

9
Ok so somehow when I restarted my laptop I was able to come into normal mode... I had to push the power button a few times, not sure if that's important (?). I ran 2 scans with Windows Defender and Malwarebytes, both clean. So not sure what to do from here?

10
It must have been deleted, although not sure why hubby would feel the need to do that...

11
The log is not there. And when I tried to run the command to uninstall ComboFix, it says it can't be located. I will return to the repair store and then proceed with your instructions; I will let you know if there are any improvements or new issues. Thanks for all your help!

12
No, this was completely different. When we encountered this new virus we were on a video streaming site and a WhiteSmoke ad popped up, and when we tried to close it a new window for WhiteSmoke popped up advertising the software. We tried to close it and all the tiny windows started popping up. When we ran Malwarebytes all the items were WhiteSmoke items, so we deleted some, and when we couldn't find the others we uninstalled the WhiteSmoke program that it loaded onto our laptop. Ever since we got rid of WhiteSmoke, the issues have gotten better. And after running all of the other programs everything has been working fine. The only issue I'm experiencing now is not being able to boot in normal mode, so I am thinking it's related to the new video card not being properly installed... but I wanted to make sure that was all first.

13
The video card was installed prior to Dec. 25; that just happened to be the first day I began using it. There were no immediate issues other than the laptop taking a bit longer to boot up. Upon surfing the net for movie streaming we encountered a virus (WhiteSmoke) and then all the issues began from there. Anytime we would try to use the laptop a bunch of windows would pop up saying this file is infected, etc. It was always a different file name. We ran Malwarebytes and 643 items were found. Hubby removed only a few instead of all of them, and the next time we tried to scan they didn't show up. From then on Malwarebytes couldn't detect anything; however, Windows Defender was running in the background and notified me of a few others. I didn't have any issues with the laptop before getting the video card installed (after my 2/2010 visit). Finally, after following this forum's log instructions, things began to get better. Then Hubby did a system restore to the point before we encountered the WhiteSmoke virus. But I still cannot boot in normal mode; it just keeps crashing. We updated uTorrent before the issues began; however, I don't remember checking the option to have the uTorrent toolbar, as that is something I normally would not want.

14
I found the Qoobox and ComboFix folders that he manually deleted in the recycle bin, not sure if that will be any help to you.

15
I was referring to the log instructions on the welcome screen for this forum, which is what we should have done first... It was uninstalled through the uninstall wizard. Any files were deleted after install. He also advised me that he did a system restore to the day we received the laptop (Dec. 25), to the point before we started experiencing any issues.
