Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Bot infection, multiple viruses

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 27th, 2010, 5:17 pm

Hi

Looking good. How's the computer running now?
One more run with RSIT, just to make sure nothing has been missed:
Random's System Information Tool (RSIT)
  • Right click on RSIT.exe then choose Run as Administrator to run the tool
  • Click Continue at the disclaimer screen
  • Once it has finished, it will only produce one log this time
  • Copy & paste the contents of the log in your next reply
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 27th, 2010, 10:07 pm

received the following error message during the "Performing Registry Dump" phase:

Line 3601 (File "C:\Users\Adam\Desktop\RSIT.exe"):

Error: Subscript used with non-Array variable


other than the above error, my computer is working...actually WORKING...for the first time in over a month!
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 28th, 2010, 9:06 am

Hi
Apologies for the delay.

Try rebooting your computer, then run RSIT again following instructions posted.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 28th, 2010, 12:58 pm

Rebooted, received same error
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 28th, 2010, 8:27 pm

OK, leave it.

OTL
  • Right click on OTL.exe then choose Run as Administrator to run it. Make sure all other windows are closed and to let it run uninterrupted
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Under the Standard Registry box change it to All
  • Check the boxes beside LOP Check & Purity Check
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long
  • When the scan completes, it will open two notepad windows. OTL.Txt & Extras.Txt. These are saved in the same location as OTL.
  • Copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time & post in your next reply
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 28th, 2010, 10:21 pm

OTL logfile created on: 8/28/2010 7:12:08 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Adam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.59 Gb Total Space | 76.13 Gb Free Space | 34.05% Space Free | Partition Type: NTFS
Drive D: | 9.29 Gb Total Space | 1.23 Gb Free Space | 13.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.28 Gb Total Space | 785.87 Gb Free Space | 84.39% Space Free | Partition Type: FAT32

Computer Name: ADAM-PC
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
PRC - C:\Users\Adam\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\Security\Current\Plugins\AntiMalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\Security\Current\Plugins\AntiMalware\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Stardock\MyColors\WBVista.exe ()
PRC - C:\Program Files\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Kodak\Printer\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)


========== Modules (SafeList) ==========

MOD - C:\Users\Adam\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Stardock\MyColors\wblind.dll (Stardock Corporation)
MOD - C:\Program Files\Stardock\MyColors\wbhelp.dll (Stardock.Net, Inc)
MOD - C:\Windows\System32\wbload.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WRConsumerService) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Program Files\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()
SRV - (KodakSvc) -- C:\Program Files\Kodak\printer\center\KodakSvc.exe (Eastman Kodak Company)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV - (TMPassthruMP) -- C:\Windows\System32\DRIVERS\TMPassthru.sys File not found
DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\EDA5.tmp File not found
DRV - (mcdbus) -- C:\Windows\System32\DRIVERS\mcdbus.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (mouclass) -- C:\Windows\System32\drivers\mouclass.sys ()
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfmonm) -- C:\Windows\System32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (Alpham1) -- C:\Windows\System32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (elagopro) -- C:\Windows\System32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\Windows\System32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (Alpham2) -- C:\Windows\System32\drivers\Alpham2.sys (Ideazon Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 00000000 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:4.0.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 12:50:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\flashcatch@flashcatch.com: C:\Program Files\FlashCatch\firefox [2009/10/17 13:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/01/04 18:43:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 18:20:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 18:20:42 | 000,000,000 | ---D | M]

[2010/07/27 18:21:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2010/07/27 18:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/11 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/22 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\o02pp7t1.default\extensions
[2010/07/28 20:27:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\o02pp7t1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/10 11:42:38 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\o02pp7t1.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2010/07/27 18:20:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 18:20:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/22 20:07:09 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/22 20:07:10 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/07/22 20:07:11 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/07/22 17:41:04 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/22 17:41:04 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/22 17:41:04 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/22 17:41:04 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/22 17:41:04 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/22 17:41:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/22 17:41:04 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/28 09:24:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [MyGarminAgent] C:\Program Files\Garmin\MyGarminAgent.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [Google Update] C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [RunSpySweeperScheduleAtStartup] C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe File not found
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE File not found
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/fa ... lyfeud.cab (FamilyFeud Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GO333C~1\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll (Stardock)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Adam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Adam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (y Packages settings...) - File not found
O30 - LSA: Security Packages - (ystem32\msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/20 01:22:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/06 17:34:36 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 20:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/26 00:25:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/26 00:25:45 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\temp
[2010/08/25 07:45:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/25 00:43:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/25 00:43:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/25 00:43:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/25 00:42:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/23 19:51:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\wininit.exe
[2010/08/23 03:06:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/08/22 11:13:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/22 11:13:50 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/22 11:13:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/22 11:13:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/22 11:13:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/22 11:13:50 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/22 11:13:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/22 11:13:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/22 11:13:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/22 11:13:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/22 11:13:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/22 11:13:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/22 11:13:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/22 11:13:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/22 11:13:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/22 11:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2010/08/22 11:12:16 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/22 11:12:12 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/22 11:12:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/22 11:11:00 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/22 11:10:26 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/21 18:55:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2010/08/16 21:28:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/16 21:22:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/16 14:24:40 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Malware Removal assist
[2010/08/15 13:24:14 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/31 15:55:21 | 015,821,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2010/07/31 15:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
[2010/07/29 21:12:54 | 000,000,000 | ---D | C] -- C:\AdobeTemp
[2008/11/29 23:02:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/28 19:13:45 | 005,505,024 | -HS- | M] () -- C:\Users\Adam\ntuser.dat
[2010/08/28 19:10:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 18:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000UA.job
[2010/08/28 18:09:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 18:09:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 17:05:45 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000Core.job
[2010/08/28 15:33:25 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BF955419-3C2E-4DC3-86C2-CE8E1953218C}.job
[2010/08/28 14:13:18 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/28 14:13:12 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/28 14:12:38 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/28 14:12:24 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/28 14:09:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/28 14:09:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/28 14:09:26 | 2145,882,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/28 09:24:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/28 09:22:01 | 000,065,536 | -HS- | M] () -- C:\Users\Adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/28 09:22:00 | 000,524,288 | -HS- | M] () -- C:\Users\Adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/28 09:21:42 | 003,282,955 | -H-- | M] () -- C:\Users\Adam\AppData\Local\IconCache.db
[2010/08/27 23:46:04 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
[2010/08/27 20:02:21 | 000,339,991 | ---- | M] () -- C:\Users\Adam\Desktop\RSIT.exe
[2010/08/25 07:33:34 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/25 00:35:06 | 003,827,699 | R--- | M] () -- C:\Users\Adam\Desktop\ComboFix.exe
[2010/08/24 11:52:11 | 000,000,000 | ---- | M] () -- C:\Users\Adam\defogger_reenable
[2010/08/23 03:30:25 | 002,351,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/23 03:06:34 | 000,000,186 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/08/22 10:51:45 | 000,113,368 | ---- | M] () -- C:\Users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/21 18:35:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2010/08/20 18:42:05 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdam.job
[2010/08/15 13:26:24 | 000,763,574 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/15 13:26:24 | 000,645,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/15 13:26:24 | 000,120,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/13 13:54:52 | 000,030,424 | ---- | M] () -- C:\Windows\System32\wrLZMA.dll
[2010/08/13 13:54:42 | 000,017,472 | ---- | M] () -- C:\Windows\System32\SsiEfr.exe
[2010/08/12 13:29:47 | 000,000,174 | ---- | M] () -- C:\Windows\win.ini
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/27 20:02:17 | 000,339,991 | ---- | C] () -- C:\Users\Adam\Desktop\RSIT.exe
[2010/08/25 00:43:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/25 00:43:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/25 00:43:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/25 00:43:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/25 00:43:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/25 00:34:43 | 003,827,699 | R--- | C] () -- C:\Users\Adam\Desktop\ComboFix.exe
[2010/08/24 11:52:11 | 000,000,000 | ---- | C] () -- C:\Users\Adam\defogger_reenable
[2010/08/23 03:06:34 | 000,000,186 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/18 21:02:41 | 2145,882,112 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/16 22:07:15 | 000,002,433 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/08/16 22:07:15 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/08/16 22:07:15 | 000,001,077 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/08/16 22:07:15 | 000,000,764 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/07/27 13:12:47 | 000,000,036 | ---- | C] () -- C:\Users\Adam\AppData\Local\housecall.guid.cache
[2010/07/25 11:45:35 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/06/20 18:33:14 | 000,000,991 | ---- | C] () -- C:\Windows\EFXP.ini
[2010/06/19 22:18:14 | 000,000,982 | ---- | C] () -- C:\Windows\EF.ini
[2010/06/07 18:44:52 | 000,000,092 | ---- | C] () -- C:\Users\Adam\AppData\Local\fusioncache.dat
[2010/05/30 10:52:16 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/30 10:47:05 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/03 18:35:16 | 000,000,270 | ---- | C] () -- C:\Windows\SStylerPro.ini
[2009/09/10 17:50:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/24 22:04:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/09 09:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009/01/20 17:00:41 | 000,000,385 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/19 15:52:32 | 000,000,366 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\wklnhst.dat
[2009/01/18 18:47:46 | 000,870,128 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\mcs.rma
[2009/01/18 18:47:46 | 000,000,004 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\1EBE0A
[2009/01/05 11:14:46 | 000,000,110 | ---- | C] () -- C:\Windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2008/12/07 01:04:17 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/29 23:02:44 | 000,000,033 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.log
[2008/11/29 23:02:19 | 000,087,608 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\ezpinst.exe
[2008/11/29 23:02:19 | 000,007,824 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2008/11/29 23:02:19 | 000,001,144 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2008/11/28 00:52:08 | 000,237,568 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 00:40:11 | 000,012,800 | ---- | C] () -- C:\Windows\System32\EKDeviceServices.dll
[2008/11/27 20:27:37 | 000,131,160 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\UserTile.png
[2008/11/27 20:08:07 | 000,002,708 | ---- | C] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2008/11/24 21:36:38 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/24 21:36:36 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/11/24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/03/20 01:13:03 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/03/20 01:02:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/03/20 01:02:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/01/20 20:23:20 | 000,034,360 | ---- | C] () -- C:\Windows\System32\drivers\mouclass.sys
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/15 12:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 12:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll

========== LOP Check ==========

[2009/02/23 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Alloysoft
[2009/02/12 17:05:01 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Amaranth Games
[2008/12/18 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Anonymizer
[2009/02/18 14:56:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Ashtons. Family Resort
[2009/09/21 19:21:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Babylonia
[2009/02/04 16:52:49 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\BeachPartyCraze
[2009/01/23 13:48:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\blg
[2010/02/28 17:04:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Boomzap
[2009/06/16 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DonationCoder
[2009/01/25 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\GameInvest
[2010/03/21 16:53:47 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\GARMIN
[2009/02/11 15:40:06 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/01/06 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Gogii Games
[2009/12/13 20:28:33 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Ideazon
[2008/12/18 12:33:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/22 22:52:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\IObit
[2009/02/11 10:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Jane s Hotel Family Hero
[2008/11/27 20:14:44 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/01/26 22:50:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Ludia
[2009/10/22 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Maxthon2
[2009/02/22 22:45:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Meda MP3 Joiner 1.2
[2010/06/13 22:42:55 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mind Control Software
[2009/09/08 00:21:48 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MobMapUpdater
[2008/11/29 22:00:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\muvee Technologies
[2009/10/22 20:43:59 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MxBoost
[2010/07/26 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\NCH Swift Sound
[2009/02/21 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Oberon Games
[2010/05/17 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org
[2010/02/28 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PlayFirst
[2008/11/29 13:46:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Pogo Games
[2010/07/27 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Red Kawa
[2010/07/10 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\RiffTrax
[2009/11/07 11:07:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\runic games
[2010/05/29 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Skinux
[2010/04/11 16:09:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Stardock
[2009/01/19 15:52:37 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Template
[2010/03/05 08:30:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TreeCardGames
[2010/06/07 18:45:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Turbine
[2009/01/01 19:20:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Valusoft
[2008/11/30 01:58:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Video DVD Maker FREE
[2009/02/16 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ViquaSoft
[2008/11/30 00:37:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso
[2008/11/28 01:47:55 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\WildTangent
[2008/11/28 21:36:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\WinBatch
[2010/03/28 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\XWindows Dock
[2010/01/21 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\yess
[2009/02/18 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Youdagames
[2010/08/28 09:22:17 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/28 15:33:25 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BF955419-3C2E-4DC3-86C2-CE8E1953218C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:19C3BC3A
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:6BD304B9
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:7F4DB476
@Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:D4D3884D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A636021B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C43BFB01
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:35A81752
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D8DB81DC
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E5294695
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:1D9ED8F7
< End of report >
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 28th, 2010, 10:25 pm

no extras.txt generated
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 28th, 2010, 11:31 pm

Hi

Run Fix With OTL
Highlight the following in the code box and press Ctrl+C on the keyboard
Make sure you include the first colon (:)

Code: Select all
:Commands
[CreateRestorePoint]
:otl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (y Packages settings...) - File not found
O32 - AutoRun File - [2008/03/20 01:22:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/06 17:34:36 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010/08/23 19:51:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\wininit.exe
[2009/11/22 22:52:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\IObit
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:19C3BC3A
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:6BD304B9
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:7F4DB476
@Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:D4D3884D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A636021B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C43BFB01
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:35A81752
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D8DB81DC
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E5294695
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:1D9ED8F7
:Commands
[EmptyTemp]
[Reboot]


Double-click on the OTL.exe file to start OTL. OK any warning about running OTL.
Click in the Custom Scans/Fixes box at the bottom of the OTL window
Press Ctrl+V to paste the above code in the box (check that the code appears)
Click the Run Fix button
Please post the resulting log & close OTL.

How's the computer running? Any problems?
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 28th, 2010, 11:48 pm

All processes killed
========== COMMANDS ==========

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:y Packages settings... deleted successfully.
C:\autoexec.bat moved successfully.
File not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk /p \??\F: deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\wininit.exe moved successfully.
C:\Users\Adam\AppData\Roaming\IObit\SmartRAM folder moved successfully.
C:\Users\Adam\AppData\Roaming\IObit\InternetBooster folder moved successfully.
C:\Users\Adam\AppData\Roaming\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Users\Adam\AppData\Roaming\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Users\Adam\AppData\Roaming\IObit\Advanced SystemCare folder moved successfully.
C:\Users\Adam\AppData\Roaming\IObit folder moved successfully.
ADS C:\ProgramData\TEMP:19C3BC3A deleted successfully.
ADS C:\ProgramData\TEMP:6BD304B9 deleted successfully.
ADS C:\ProgramData\TEMP:7F4DB476 deleted successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\ProgramData\TEMP:D4D3884D deleted successfully.
ADS C:\ProgramData\TEMP:A636021B deleted successfully.
ADS C:\ProgramData\TEMP:C43BFB01 deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:5F1019FF deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:59846E5E deleted successfully.
ADS C:\ProgramData\TEMP:35A81752 deleted successfully.
ADS C:\ProgramData\TEMP:D8DB81DC deleted successfully.
ADS C:\ProgramData\TEMP:E5294695 deleted successfully.
ADS C:\ProgramData\TEMP:0C988F7D deleted successfully.
ADS C:\ProgramData\TEMP:1D9ED8F7 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 36281490 bytes
->Temporary Internet Files folder emptied: 111789245 bytes
->Java cache emptied: 130120 bytes
->FireFox cache emptied: 31120672 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1008 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 341074 bytes

Total Files Cleaned = 171.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08282010_213906

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 28th, 2010, 11:54 pm

How's the computer running now? Any problems?
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 29th, 2010, 12:35 pm

No problems that I can find. It seems to be running very well! Speed is back, internet doesn't stutter, Qwest hasn't sent me messages or shut me down again :) Things are great!

What was that? How did I contract it?

Thank you so very much for your knowledge, skill and patience.
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 29th, 2010, 5:04 pm

Hi

The main one was an infection named Bamital... which patches certain files, such wininit.exe, explorere.exe & web browsers such as Internet Explorer & Firefox. There were also remnants of a a TDSS rootkit infection plus on or two other junk files.

Remove Programs
If you haven't already done so, please remove the followibg outdated versions of Java, as they are open to exploitation:
Click Start > Control Panel > Programs and Features
Remove these programs by clicking Remove

Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1


If some programs listed are not present, please do not panic

Clean Up
Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
  • Double-click OTL
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it yourself
You can delete the following from your desktop:
TFC.exe
The Gmer.exe file (it will be randomly named .exe file)
Any logs that may have been saved to your desktop

You should also remove HijackThis. You can do this by going to Programs and Features

All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Click Start->Control Panel->System->System Protection->System Protection tab
Select Create, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Enable UAC
Having the UAC turned off reduces the security of your computer and may expose you to increased risk from malicious software. We do not recommend leaving UAC disabled.
  • Click Start
  • In the Run box type msconfig then click OK
  • Click the Tools tab & scroll down to Disable UAC
  • Highlight it then click the Launch button followed by OK
  • Reboot your computer when prompted

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here. Keep it updated & run it regularly.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Web of Trust
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 29th, 2010, 9:40 pm

I cannot thank you enough. My hat is off to my new cyber-hero! :cheers:
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 29th, 2010, 11:41 pm

No problem at all. Glad I could help

Good Luck & Surf Safe :)
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 30th, 2010, 7:31 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 40 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware