BleepingComputer.com: Win32.Trojan Agent and Win32.Trojan Vundo found.

I recently ran Advanced System Care to clean up my PC and make it more stable for the Skyrim release, however it's malware tool detected Win.32 Trojan Agent(and scanned another file called Win.32 Trojan Vundo... and something Frauder... didn't catch the name.

I clicked fix problem and assumed it was alright, but Ad-Aware recently said it detected it. But ad-aware bugged out and crashed, I ran ad-aware again and nothing was detected.

Summary:
-Multiple Virus scans detected Win32.Trojan Agent
-Later Deep scans failed to find it again.
-Some scans were shown to be scanning files called Win32.Trojan Vundo and Frauder.
-Currently scans are not locating them.

I am a little paranoid at this point, and would like to see if I can get these suckers removed. You guys have helped me in the past and have done great work, so I know I am in good hands here. Thank you very much in advance.

This post has been edited by hamluis: 11 November 2011 - 12:18 PM
Reason for edit: Moved from Vista to Am I Infected.

Quote

Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
  
• Do I need a Registry Cleaner?

=======================================================================================

Let's do some checking....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
  
• Report FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List Winsock Entries
  
• List last 10 Event Viewer log
  
• List Installed Programs
  
• List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
  
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
  
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  
• Now click the Scan button. If you see a rootkit warning window, click OK.
  
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  
• Click the Copy button and paste the results into your next reply.
  
• Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

Malwarebites discovered 3 infections, when I clicked "remove selected" A pop up saying that they were successfully removed appeared...

At this point my computer restarted itself, I was greeted with a black screen and a "Loading boot initializer" followed by the messages that Malware bites were removing the said infected files.

I am not sure if this is normal or not, but I will take the time to redo everything you have listed and edit them into this post momentarily.

Security Check Logs:

Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 8.5
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 27
Adobe Flash Player ( 10.3.181.22) Flash Player Out of Date!
Mozilla Firefox (3.6.24) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe

MiniTool Box Report:

MiniToolBox by Farbar
Ran by User (administrator) on 11-11-2011 at 16:14:01
Windows ™ Vista Home Premium Service Pack 2 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ibuypower
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : 00-22-15-55-AC-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::298b:2020:12f7:80ab%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, November 11, 2011 4:07:57 PM
Lease Expires . . . . . . . . . . : Saturday, November 12, 2011 4:07:57 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 268444181
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-74-3F-2E-00-1B-21-1D-2A-22
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{96203BD8-F6DC-468A-A12A-0B97E43EFDCD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c88:13c3:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::c88:13c3:3f57:fefd%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.45.104
74.125.45.103
74.125.45.105
74.125.45.99
74.125.45.106
74.125.45.147



Pinging google.com [74.125.45.103] with 32 bytes of data:

Reply from 74.125.45.103: bytes=32 time=41ms TTL=48

Reply from 74.125.45.103: bytes=32 time=41ms TTL=48



Ping statistics for 74.125.45.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 41ms, Average = 41ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=48ms TTL=47

Reply from 209.191.122.70: bytes=32 time=49ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 49ms, Average = 48ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 22 15 55 ac f2 ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.{96203BD8-F6DC-468A-A12A-0B97E43EFDCD}
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 18 ::/0 On-link
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:4137:9e76:c88:13c3:3f57:fefd/128
On-link
11 276 fe80::/64 On-link
12 266 fe80::/64 On-link
12 266 fe80::c88:13c3:3f57:fefd/128
On-link
11 276 fe80::298b:2020:12f7:80ab/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/11/2011 04:08:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2011 10:08:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2011 00:21:49 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = c:\program files (x86)\steam\steamapps\common\skyrim\DirectX10\DXSETUP.exe files (x86)\steam\steamapps\common\skyrim\DirectX10\DXSETUP.exe" /silent; Descripton = äxËu; Hr = 0x80070057).

Error: (11/11/2011 00:12:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2011 05:11:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2011 03:30:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2011 10:35:52 AM) (Source: Application Hang) (User: )
Description: The program RegInOut.exe version 3.0.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: fb4
Start Time: 01cc9fbdae8cf7a3
Termination Time: 0

Error: (11/10/2011 10:29:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (11/10/2011 06:56:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2011 09:30:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/11/2011 10:24:05 AM) (Source: Service Control Manager) (User: )
Description: Lbd%%2

Error: (11/11/2011 10:09:57 AM) (Source: Service Control Manager) (User: )
Description: Application Updater1

Error: (11/10/2011 10:40:51 AM) (Source: Service Control Manager) (User: )
Description: Advanced SystemCare Service

Error: (10/28/2011 02:14:00 PM) (Source: Service Control Manager) (User: )
Description: Lavalys EVEREST Kernel Driver%%577

Error: (10/28/2011 02:14:00 PM) (Source: Service Control Manager) (User: )
Description: Lavalys EVEREST Kernel Driver%%577

Error: (10/26/2011 10:13:18 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00221555ACF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (10/13/2011 09:15:58 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (10/13/2011 09:15:58 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (10/13/2011 09:15:58 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/04/2011 07:07:52 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00221555ACF2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

(Version: 6.9.1)
Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 2.0.4)
2007 Microsoft Office system (Version: 12.0.6425.1000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Ad-Aware (Version: 9.6.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 10 Plugin (Version: 10.3.181.22)
Adobe Reader 9.4.4 (Version: 9.4.4)
Adobe Shockwave Player (Version: 11)
Advanced SystemCare 4 (Version: 4.2.0)
Alien Swarm
Altitude
Anarchy Online (Version: 1.0)
AnyDVD (Version: 6.6.9.0)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
Ask Toolbar (Version: 1.12.2.0)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.28)
Avanquest update (Version: 1.15)
AVG Free 8.5
AVI To PSP Converter 1.00
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bing Bar (Version: 7.0.609.0)
Bonjour (Version: 2.0.2.0)
Borderlands
CCleaner (Version: 2.36)
Comcast High-Speed Internet Install Wizard
D3DX10 (Version: 15.4.2368.0902)
Diablo II
DivX Converter (Version: 6.6.1)
DivX Player (Version: 7.2.0)
DivX Setup (Version: 2.1.2.2)
DivX Version Checker (Version: 7.1.0.9)
DoremiSoft AVI to MP4 Converter 1.0 (Version: 1.0)
Dragon Age: Origins (Version: 1.00)
Dragonica Online
DragonNest
DTVblizzcon (Version: 3.0.0.32)
Eufloria 2.00
EVEREST Home Edition v2.20 (Version: 2.20)
ffdshow v1.1.3562 [2010-09-07] (Version: 1.1.3562.0)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
Free YouTube to iPod Converter version 3.3
FULL CLIENT (Version: 1.0)
Furcadia (Version: 27)
Futuremark SystemInfo (Version: 3.16.2.1)
GIF Viewer 3.2 (v2) (Version: 3.2 (v2))
Global Agenda Launcher (Version: 1.0.0)
Half-Life 2
Half-Life 2: Lost Coast
HijackThis 2.0.2 (Version: 2.0.2)
IObit Toolbar v4.7 (Version: 4.7)
iTunes (Version: 9.2.0.61)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Junk Mail filter update (Version: 14.0.8089.726)
K-Lite Codec Pack 3.2.5 Standard (Version: 3.25)
League of Legends (Version: 1.25.000)
League of Legends (Version: 1.3)
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Demo
MagicDisc 2.6.93
Magicka
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MapleStory (Version: 076)
Mass Effect
Mass Effect 2
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
mIRC (Version: 6.35)
Mobile Mouse Server (Version: 2.0.3.1)
MobileVT 3.4
MotioninJoy ds3 driver version 0.4.0002 (Version: 0.4.000)
Mozilla Firefox (3.6.24) (Version: 3.6.24 (en-US))
MP3 Surgeon 2004
MP4 Player (Version: )
MSVCRT (Version: 15.4.2862.0708)
MUSHclient (remove only)
NCsoft Launcher (Version: 1.5.4.2)
Nexon Game Manager
Notepad++ (Version: 5.7)
NVIDIA 3D Vision Driver 260.99 (Version: 260.99)
NVIDIA Control Panel 260.99 (Version: 260.99)
NVIDIA Graphics Driver 260.99 (Version: 260.99)
NVIDIA Install Application (Version: 2.0.14.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6099)
Oblivion (Version: 1.00.0000)
Pando Media Booster (Version: 2.3.5.6)
Pcsx2 0.9.6 (Version: 1.0.0)
Pirates, Vikings, & Knights II
Platform (Version: 1.26)
Portal
PowerISO (Version: 4.8)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
RebirthRO Full Client (Version: 6.0)
Recettear: An Item Shop's Tale
Recettear: An Item Shop's Tale - Demo
RegInOut System Utilities (Version: 3.0.0.2000)
RIFT (Version: 1.0.0)
Safari (Version: 5.33.16.0)
SCHTHACK PSOBB Compatibility Database
Segoe UI (Version: 15.4.2271.0615)
Shadowgrounds
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.5 (Version: 5.5.113)
Spiral Knights
Spybot - Search & Destroy (Version: 1.6.0)
StarCraft II (Version: 1.0.3.16291)
Station Launcher (Version: 1.00.0000)
Steam (Version: 1.0.0.0)
System Requirements Lab (Version: 4.1.72.0)
System Requirements Lab CYRI (Version: 4.4.26.0)
Team Fortress 2
Terrafirma (Version: 1.6.5)
Terraria
The Elder Scrolls V: Skyrim
Torchlight
TransferMy Video (Version: 3.50)
TransferMy Video (Version: 3.50.000)
Trickster Online
Uninstall 1.0.0.1
Uninstall Startup Inspector
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Ventrilo Client (Version: 3.0.1)
VIA Platform Device Manager (Version: 1.26)
Viewpoint Media Player
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 8.0.0.35)
Vuze Remote Toolbar (Version: 5.7.2.2)
WavePad Sound Editor
WebMeeting Plug-in (Version: 6.0)
Winamp (Version: 5.541 )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
Windows Mobile® Device Handbook (Version: 1.0)
WinRAR archiver
WinSCP 4.2.9 (Version: 4.2.9)
World of Warcraft (Version: 4.2.2.14545)
World of Warcraft Public Test (Version: 0.0.0.0)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 4094.25 MB
Available physical RAM: 2275.41 MB
Total Pagefile: 8409.8 MB
Available Pagefile: 6428.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 4001.36 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:229.97 GB) NTFS

========================= Users: ========================================

User accounts for \\IBUYPOWER

Administrator ASPNET Guest
User


**** End of log ****

Malwarebytes Report:

I found the log from before they removed and have one after they were removed.

First log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8142

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11/11/2011 4:06:24 PM
mbam-log-2011-11-11 (16-06-24).txt

Scan type: Quick scan
Objects scanned: 168680
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.


Second log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8142

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11/11/2011 4:18:01 PM
mbam-log-2011-11-11 (16-18-01).txt

Scan type: Quick scan
Objects scanned: 168655
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER Report:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-11 16:59:00
Windows 6.0.6002 Service Pack 2
Running: ld7lptmg.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x89 0xD0 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0x6D 0xAC 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0xB1 0xB5 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x89 0xD0 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0x6D 0xAC 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0xB1 0xB5 0x04 ...

---- EOF - GMER 1.0.15 ----

No messages popped up asking me to hit okay.

This post has been edited by GreenEMR: 11 November 2011 - 05:02 PM

Looks good.

You can safely uninstall McAfee Security Scan Plus, typical foistware.

Any current issues?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
  
• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• Accept any security warnings from your browser.
  
• Check Scan archives
  
• Click Start
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, click on List of found threats
  
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  NOTE. If Eset doesn't find any threats it'll NOT produce any log.

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5586b2cf-79c2e380 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined

Another Trojan =/

This post has been edited by GreenEMR: 12 November 2011 - 06:36 PM

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

Thank you very much! You have been an amazing help!

You're very welcome