
Thread: Multiple iexplorer.exe processes running. Thanks

  #21 | Junior Member (Join Date: Dec 2007, Posts: 24)

    Still can't run RootRepeal. It seems like it is about to finish, but that translucent window pops up and locks it up, or it just shuts down. I disabled my antivirus and I'm not running any emulators or CD emulators. I do have that "TuneUp Utilities" program, but really that's the only thing I've got running. I dunno. Here is the ComboFix log, though.

    ComboFix 10-07-30.01 - Grimace 07/30/2010 21:32:02.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1026 [GMT -7:00]
    Running from: c:\users\Grimace\Downloads\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\%appdata%
    .
    ---- Previous Run -------
    .
    c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . . failed to delete

    .
    MBR is infected with the Whistler Bootkit !!

    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))))
    .

    2010-07-31 04:38 . 2010-07-31 04:40 -------- d-----w- c:\users\Grimace\AppData\Local\temp
    2010-07-31 04:38 . 2010-07-31 04:38 -------- d-----w- c:\users\test\AppData\Local\temp
    2010-07-31 04:38 . 2010-07-31 04:38 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-07-31 04:38 . 2010-07-31 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-07-21 04:36 . 2010-07-21 04:36 -------- d-----w- c:\users\Grimace\AppData\Roaming\Malwarebytes
    2010-07-21 04:36 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-21 04:36 . 2010-07-21 04:36 -------- d-----w- c:\programdata\Malwarebytes
    2010-07-21 04:36 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-21 04:36 . 2010-07-21 06:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-20 05:55 . 2010-07-20 05:55 -------- d-----w- c:\program files\iPod
    2010-07-13 22:44 . 2010-07-13 22:44 -------- d-----w- c:\program files\ERUNT
    2010-07-13 04:13 . 2010-07-13 06:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-07-13 04:13 . 2010-07-13 04:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-12 05:37 . 2010-07-12 05:37 -------- d-----w- c:\users\test\AppData\Roaming\Avira
    2010-07-12 05:29 . 2010-07-12 05:29 -------- d-----w- c:\users\test\AppData\Roaming\TuneUp Software
    2010-07-12 04:06 . 2010-07-12 04:06 0 ----a-w- c:\windows\nsreg.dat
    2010-07-05 22:32 . 2010-02-12 20:36 836384 ----a-w- c:\windows\system32\drivers\ae1000va.sys
    2010-07-05 22:31 . 2010-07-05 22:31 -------- d-----w- c:\programdata\Cisco Systems
    2010-07-03 10:08 . 2009-10-30 22:08 29512 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-07-03 10:08 . 2009-10-30 22:01 21320 ----a-w- c:\windows\system32\authuitu.dll
    2010-07-03 10:08 . 2009-10-30 22:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-07-03 10:08 . 2010-07-03 10:08 -------- d-----w- c:\users\Grimace\AppData\Roaming\TuneUp Software
    2010-07-03 10:07 . 2010-07-03 10:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
    2010-07-03 10:06 . 2010-07-03 10:07 -------- d-----w- c:\programdata\TuneUp Software
    2010-07-03 10:06 . 2010-07-03 10:06 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-07-01 06:47 . 2010-07-01 06:53 -------- d-----w- c:\users\Grimace\.BayPhoto
    2010-07-01 06:46 . 2010-07-01 06:53 -------- d-----w- c:\users\Grimace\.roescache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-23 22:23 . 2010-01-26 20:24 -------- d-----w- c:\users\Grimace\AppData\Roaming\gtk-2.0
    2010-07-21 06:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-07-21 04:02 . 2010-01-07 04:07 -------- d-----w- c:\programdata\avg9
    2010-07-21 03:54 . 2010-07-21 03:54 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-07-21 03:53 . 2010-07-21 03:53 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
    2010-07-21 03:53 . 2010-07-21 03:53 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
    2010-07-21 03:53 . 2010-07-21 03:53 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
    2010-07-21 03:53 . 2010-07-21 03:53 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
    2010-07-20 05:55 . 2010-05-22 18:30 -------- d-----w- c:\program files\iTunes
    2010-07-20 05:55 . 2010-01-06 07:12 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-20 05:51 . 2010-07-20 05:51 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2010-07-17 22:13 . 2010-01-07 05:35 -------- d-----w- c:\users\Grimace\AppData\Roaming\uTorrent
    2010-07-17 02:35 . 2010-07-17 02:35 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
    2010-07-17 02:35 . 2010-07-17 02:35 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
    2010-07-17 02:34 . 2010-07-17 02:34 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
    2010-07-17 02:34 . 2010-07-17 02:34 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
    2010-07-17 02:34 . 2010-07-17 02:34 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
    2010-07-17 02:34 . 2010-07-17 02:34 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
    2010-07-12 05:28 . 2010-07-12 05:28 49168 ----a-w- c:\users\test\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-03 10:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2010-07-01 05:26 . 2010-01-06 06:50 -------- d-----w- c:\users\Grimace\AppData\Roaming\vlc
    2010-06-24 06:05 . 2010-06-24 06:05 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-23 07:26 . 2010-01-10 07:27 -------- d-----w- c:\users\Grimace\AppData\Roaming\LimeWire
    2010-06-18 07:09 . 2010-06-18 07:09 -------- d-----w- c:\program files\Bonjour
    2010-06-14 00:57 . 2010-01-09 03:19 -------- d-----w- c:\program files\Google
    2010-06-13 23:57 . 2010-01-10 10:57 -------- d-----w- c:\program files\Yahoo!
    2010-06-13 23:54 . 2010-06-13 23:53 -------- d-----w- c:\users\Grimace\AppData\Roaming\GetRightToGo
    2010-06-13 21:14 . 2010-05-07 06:06 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-06-13 21:14 . 2010-05-07 06:02 -------- d-----w- c:\programdata\DivX
    2010-06-13 21:14 . 2010-06-13 21:14 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-06-13 21:14 . 2010-06-13 21:14 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-06-13 21:14 . 2010-01-09 03:19 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-06-13 21:14 . 2010-01-09 03:19 -------- d-----w- c:\program files\DivX
    2010-06-13 21:14 . 2010-06-13 21:14 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-06-13 21:14 . 2010-06-13 21:14 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-06-13 21:13 . 2010-06-13 21:13 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-06-13 21:13 . 2010-06-13 21:13 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
    2010-06-13 21:13 . 2010-06-13 21:13 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
    2010-06-13 21:13 . 2010-06-13 21:13 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
    2010-06-13 21:12 . 2010-05-07 06:06 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-06-13 21:12 . 2010-05-07 06:06 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-06-10 07:50 . 2010-02-04 07:56 -------- d-----w- c:\program files\DVDFab Platinum 4
    2010-06-05 23:42 . 2010-01-22 04:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-26 17:06 . 2010-06-09 02:40 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47 . 2010-06-09 02:40 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 21:14 . 2010-01-05 06:36 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-07 06:05 . 2010-05-07 06:05 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
    2010-05-07 06:05 . 2010-05-07 06:05 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
    2010-05-04 05:59 . 2010-06-09 02:39 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-09 02:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55 . 2010-06-09 02:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31 . 2010-06-09 02:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]

    c:\users\Grimace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Grimace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\Grimace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Grimace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\users\Grimace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-16 14:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 23:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 21:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 23:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-04-14 10:33 13687328 ----a-w- c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-04-14 10:33 92704 ----a-w- c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):50,24,0f,40,84,8f,ca,01

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-896808877-2054827027-2505662573-1000]
    "EnableNotificationsRef"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
    R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2005-03-16 43392]
    R3 dhdusb.NTx86;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\DRIVERS\bcmusbdhdlh.sys [2008-01-08 238072]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000va.sys [2010-02-12 836384]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{3F263493-9286-4D04-9058-1926A0A96C40}.job
    - c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\users\Grimace\AppData\Roaming\Mozilla\Firefox\Profiles\0oy2l2qs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/\r
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,be,f0,84,01,43,cb,49,b3,b4,14,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,be,f0,84,01,43,cb,49,b3,b4,14,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-30 21:49:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-31 04:49
    ComboFix2.txt 2010-07-21 07:14

    Pre-Run: 753,043,050,496 bytes free
    Post-Run: 752,917,868,544 bytes free

    - - End Of File - - 3CAEAD951D3A455DA2F2666A34A8F271

  #22 | Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    OK. Try using the MBRCheck tool again. If that doesn't work we will try the Vista recovery environment. Do you have the Vista installation CD/DVD?

    1. Run MBRCheck.exe.
    2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    3. Press the 'Y' key and then press Enter.
    4. When the program asks "Enter your choice:", enter 2 and press the Enter key.
    5. The program will now ask "Enter the physical disk number to fix (0-99, -1 to cancel):"
    6. Enter 0 and press the Enter key.
    7. The program will show "Available MBR codes:", followed by a list of operating systems. Enter 3 for Windows Vista, and then press Enter.
    8. The program will prompt for confirmation. Type 'YES' and hit Enter.
    9. Left-click on the title bar (where the program name and path are written).
    10. From the menu choose Edit -> Select All.
    11. Hit the Enter key on your keyboard to copy the selected text.
    12. Paste that text into Notepad and save it to your desktop as "MBRCheck results.txt".
    13. Restart your PC.
    14. Post the text in "MBRCheck results.txt" here, please.
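The MBRCheck procedure above comes down to two questions about sector 0: is the boot code still the one you expect, and does the partition table still make sense. The script below is an added example written for this page; it is not part of the thread and not MBRCheck's own code. It reads a 512-byte MBR image (from the raw device on Windows, which needs an elevated prompt, or from a file such as one dumped with MBRCheck option 1), parses the four partition entries, and reports a missing 0x55AA signature, boot code whose SHA-256 is not on an allow-list you captured from a known-clean disk, anything other than exactly one active partition, and overlapping entries. The allow-list is an assumption: Windows boot code differs between XP, Vista and 7 (which is why MBRCheck offers several codes to write), so you capture one hash per OS version from machines you trust. The sample images and hashes are constructed inline so the script runs offline; they are not real Windows boot code.

```python
"""Check a raw MBR for the tells a bootkit leaves behind.

Added example for this thread, not the MBRCheck tool or any code from the posts.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0-439 hold the boot code a bootkit replaces
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the disk signature
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk (needs an elevated prompt on Windows)."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


def bootcode_sha256(mbr):
    """Hash only the boot code, so partition edits don't change the fingerprint."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr):
    """Return the four entries as dicts: status, type, LBA start, sector count."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS start(3, ignored) type(1) CHS end(3, ignored) LBA(4) sectors(4)
        status, ptype, lba, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"status": status, "type": ptype, "lba": lba, "sectors": sectors})
    return entries


def check_mbr(mbr, known_good_hashes):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = bootcode_sha256(mbr)
    if digest not in known_good_hashes:
        findings.append(f"boot code sha256 {digest[:16]}... not in allow-list")
    parts = parse_partitions(mbr)
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("partition status byte is neither 0x00 nor 0x80")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in parts:
        if p["type"] == 0 and (p["lba"] or p["sectors"]):
            findings.append("empty-type partition entry has non-zero LBA/size")
    used = sorted((p for p in parts if p["type"] and p["sectors"]), key=lambda p: p["lba"])
    for a, b in zip(used, used[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append("partition entries overlap")
            break
    return findings


def build_sample_mbr(bootcode, entries, signature=BOOT_SIGNATURE):
    """Constructed test image: pad boot code, pack entries, append signature."""
    mbr = bytearray(MBR_SIZE)
    code = bootcode[:BOOT_CODE_LEN]
    mbr[:len(code)] = code
    for i, (status, ptype, lba, sectors) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba, sectors)
    mbr[510:512] = signature
    return bytes(mbr)


# Constructed sample data (not real boot code): a "clean" image captured earlier
# and the same disk after something overwrote its boot code.
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1_000_000)]
CLEAN = build_sample_mbr(b"CLEAN-BOOTCODE" * 10, LAYOUT)
TAMPERED = build_sample_mbr(b"\x90" * 16 + b"X" * 100, LAYOUT)
ALLOW_LIST = {bootcode_sha256(CLEAN)}   # assumption: captured from a known-clean machine


if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, check_mbr(img, ALLOW_LIST) or "OK")
```

On the affected machine you would call `check_mbr(read_mbr(), ALLOW_LIST)` from an elevated prompt before writing a new MBR, and again after the reboot to confirm the boot code now matches the hash you expect. The structural checks are deliberately cheap; the hash comparison is the one that actually catches replaced boot code, and it is only as good as the allow-list you build.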

  #23 | Junior Member (Join Date: Dec 2007, Posts: 24)

    Dude... whatever we did, after the restart Windows would not load. It required the boot disc to load and told me to click "Repair computer" when choosing my language setup. I should have written down the error; it was like wtm00002 or something, but that is neither here nor there. I did, and it all came back. I'm watching my processes in Task Manager and I actually don't have any iexplorer.exe files running anymore, which is cool, but I still have 10 or more svchost.exe files running and some are using a lot of memory... here is the log.

    MBRCheck, version 1.1.1
    (c) 2010, AD

    \\.\C: --> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes:
    [ 0] Default (Windows Vista)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive:
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.

    Done! Press ENTER to exit...

  #24 | Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    OK, good. Not sure what the repair was about, but it looks like the MBR write was a success. I have 7 svchost running in Task Manager.
    See link.
    Is your computer free of the malware signs you had before? Maybe popups, page redirection, etc.?
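Post #24 makes the point that several svchost.exe instances are normal: each hosts a group of services, so the count alone says little. What separates a genuine instance from an impostor is what it hosts and what it is actually called. The script below is an added example for this page, not something from the thread: it parses the CSV form of `tasklist /svc /fo csv`, counts the real svchost.exe instances, flags any svchost.exe that hosts no service at all, and flags image names within two character edits of svchost.exe (for example scvhost.exe). The tasklist output embedded in it is constructed for the example, not captured from the poster's machine; `live_tasklist()` runs the real command on a Windows box.

```python
"""Triage svchost.exe instances from `tasklist /svc /fo csv` output.

Added example for this thread, not a tool from the original posts.
"""
import csv
import io
import subprocess

# Constructed sample output (not from the poster's machine). The service
# groupings mimic a Vista box; UxTuneUp is the TuneUp service the ComboFix
# log listed under NetSvcs. PID 2452 and scvhost.exe are the planted anomalies.
SAMPLE_TASKLIST_CSV = '''"Image Name","PID","Services"
"services.exe","628","N/A"
"svchost.exe","812","DcomLaunch,PlugPlay,Power"
"svchost.exe","900","RpcEptMapper,RpcSs"
"svchost.exe","976","AudioSrv,Dhcp,eventlog,lmhosts,wscsvc"
"svchost.exe","1040","AeLookupSvc,BITS,Browser,LanmanServer,Schedule,Themes,winmgmt,wuauserv"
"svchost.exe","1180","Dnscache,NlaSvc,WinHttpAutoProxySvc"
"svchost.exe","1388","UxTuneUp"
"svchost.exe","2452","N/A"
"scvhost.exe","2788","N/A"
"iexplore.exe","3012","N/A"
"iexplore.exe","3044","N/A"
'''


def parse_tasklist_csv(text):
    """Turn tasklist CSV rows into dicts; 'N/A' means the process hosts no service."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        services = [] if rec["Services"] == "N/A" else rec["Services"].split(",")
        rows.append({"image": rec["Image Name"], "pid": int(rec["PID"]),
                     "services": services})
    return rows


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike image names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_svchost(rows, genuine="svchost.exe"):
    """Count real svchost instances and flag the two cheap tells."""
    findings = []
    hosts = [r for r in rows if r["image"].lower() == genuine]
    for r in hosts:
        # svchost.exe exists only to host services; an instance hosting none
        # deserves a closer look (image path, parent process, signature).
        if not r["services"]:
            findings.append(f"PID {r['pid']}: svchost.exe hosting no service")
    for r in rows:
        name = r["image"].lower()
        if name != genuine and edit_distance(name, genuine) <= 2:
            findings.append(f"PID {r['pid']}: look-alike image name {r['image']}")
    return {"svchost_count": len(hosts), "findings": findings}


def live_tasklist():
    """Run the real command (Windows only) and parse its output."""
    out = subprocess.run(["tasklist", "/svc", "/fo", "csv"],
                         capture_output=True, text=True, check=True)
    return parse_tasklist_csv(out.stdout)


if __name__ == "__main__":
    result = triage_svchost(parse_tasklist_csv(SAMPLE_TASKLIST_CSV))
    print(f"{result['svchost_count']} svchost.exe instances")
    for line in result["findings"]:
        print("  ", line)
```

tasklist does not show the image path or the parent process, which are the next two things to check on anything it flags: a genuine svchost.exe runs from %SystemRoot%\System32 and is started by services.exe. On Vista, `wmic process where name="svchost.exe" get ProcessId,ParentProcessId,ExecutablePath` gives both for every instance.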

  #25 | Junior Member (Join Date: Dec 2007, Posts: 24)

    Ahhh, that was pretty informative, thanks for that... I'm pretty anal about my processes and startup programs etc. and have never noticed all those, but they all seemed legitimate, so I dunno. I'll read over that a few more times and tool around with some of them... was there anything else I should do, or do you think that is it?

  #26 | Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    Quoting: "was there anything else I should do, or do you think that is it?"
    Looks OK to me based on the logs. How is it on your end now? Multiple IEs are gone; are any other symptoms you may have had gone now?

  #27 | Junior Member (Join Date: Dec 2007, Posts: 24)

    Hello, no more of the processes running, but when Avira did a scan it found 5 HEUR/HTML malware warnings...

    Avira AntiVir Personal
    Report file date: Sunday, August 01, 2010 12:55

    Scanning for 2661693 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : MASTERCONTROL

    Version information:
    BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 02:57:13
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 02:19:31
    VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 22:23:34
    VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 22:23:34
    VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 22:23:36
    VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 22:23:36
    VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 22:23:36
    VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 22:23:37
    VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 02:36:26
    VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 20:32:00
    VBASE015.VDF : 7.10.10.0 2048 Bytes 7/29/2010 20:32:00
    VBASE016.VDF : 7.10.10.1 2048 Bytes 7/29/2010 20:32:01
    VBASE017.VDF : 7.10.10.2 2048 Bytes 7/29/2010 20:32:01
    VBASE018.VDF : 7.10.10.3 2048 Bytes 7/29/2010 20:32:01
    VBASE019.VDF : 7.10.10.4 2048 Bytes 7/29/2010 20:32:01
    VBASE020.VDF : 7.10.10.5 2048 Bytes 7/29/2010 20:32:01
    VBASE021.VDF : 7.10.10.6 2048 Bytes 7/29/2010 20:32:02
    VBASE022.VDF : 7.10.10.7 2048 Bytes 7/29/2010 20:32:02
    VBASE023.VDF : 7.10.10.8 2048 Bytes 7/29/2010 20:32:02
    VBASE024.VDF : 7.10.10.9 2048 Bytes 7/29/2010 20:32:02
    VBASE025.VDF : 7.10.10.10 2048 Bytes 7/29/2010 20:32:02
    VBASE026.VDF : 7.10.10.11 2048 Bytes 7/29/2010 20:32:03
    VBASE027.VDF : 7.10.10.12 2048 Bytes 7/29/2010 20:32:03
    VBASE028.VDF : 7.10.10.13 2048 Bytes 7/29/2010 20:32:03
    VBASE029.VDF : 7.10.10.14 2048 Bytes 7/29/2010 20:32:03
    VBASE030.VDF : 7.10.10.15 2048 Bytes 7/29/2010 20:32:03
    VBASE031.VDF : 7.10.10.25 97280 Bytes 7/30/2010 20:32:04
    Engineversion : 8.2.4.32
    AEVDF.DLL : 8.1.2.1 106868 Bytes 7/31/2010 20:32:14
    AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 7/31/2010 20:32:14
    AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 01:57:01
    AESBX.DLL : 8.1.3.1 254324 Bytes 4/24/2010 02:57:03
    AERDL.DLL : 8.1.8.2 614772 Bytes 7/24/2010 22:23:59
    AEPACK.DLL : 8.2.3.3 471414 Bytes 7/31/2010 20:32:13
    AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/24/2010 22:23:54
    AEHEUR.DLL : 8.1.2.10 2830711 Bytes 7/31/2010 20:32:11
    AEHELP.DLL : 8.1.13.2 242039 Bytes 7/24/2010 22:23:47
    AEGEN.DLL : 8.1.3.18 393589 Bytes 7/31/2010 20:32:05
    AEEMU.DLL : 8.1.2.0 393588 Bytes 4/24/2010 02:57:00
    AECORE.DLL : 8.1.16.2 192887 Bytes 7/24/2010 22:23:44
    AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 02:56:59
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40
    AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51
    AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Sunday, August 01, 2010 12:55

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\offlinedetectionpending
    [NOTE] The registry entry is invisible.

    The scan of running processes will be started
    Scan process 'TrustedInstaller.exe' - '56' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '63' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '89' Module(s) have been scanned
    Scan process 'svchost.exe' - '30' Module(s) have been scanned
    Scan process 'vssvc.exe' - '49' Module(s) have been scanned
    Scan process 'avscan.exe' - '81' Module(s) have been scanned
    Scan process 'avscan.exe' - '29' Module(s) have been scanned
    Scan process 'avcenter.exe' - '65' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '19' Module(s) have been scanned
    Scan process 'ehtray.exe' - '26' Module(s) have been scanned
    Scan process 'avgnt.exe' - '62' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '39' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '129' Module(s) have been scanned
    Scan process 'TuneUpUtilitiesApp32.exe' - '24' Module(s) have been scanned
    Scan process 'Dwm.exe' - '38' Module(s) have been scanned
    Scan process 'taskeng.exe' - '78' Module(s) have been scanned
    Scan process 'taskeng.exe' - '48' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '33' Module(s) have been scanned
    Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
    Scan process 'avshadow.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '9' Module(s) have been scanned
    Scan process 'TuneUpUtilitiesService32.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '49' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '23' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
    Scan process 'avguard.exe' - '65' Module(s) have been scanned
    Scan process 'svchost.exe' - '59' Module(s) have been scanned
    Scan process 'sched.exe' - '56' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '83' Module(s) have been scanned
    Scan process 'rundll32.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '84' Module(s) have been scanned
    Scan process 'svchost.exe' - '82' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
    Scan process 'svchost.exe' - '37' Module(s) have been scanned
    Scan process 'svchost.exe' - '156' Module(s) have been scanned
    Scan process 'svchost.exe' - '102' Module(s) have been scanned
    Scan process 'svchost.exe' - '70' Module(s) have been scanned
    Scan process 'svchost.exe' - '54' Module(s) have been scanned
    Scan process 'svchost.exe' - '35' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '24' Module(s) have been scanned
    Scan process 'winlogon.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'lsm.exe' - '22' Module(s) have been scanned
    Scan process 'lsass.exe' - '60' Module(s) have been scanned
    Scan process 'services.exe' - '33' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1691' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Users\Grimace\AppData\Local\Mozilla\Firefox\Profiles\0oy2l2qs.default\Cache\027CBC27d01
    [0] Archive type: GZ
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    C:\Users\Grimace\AppData\Local\Mozilla\Firefox\Profiles\0oy2l2qs.default\Cache\119BEC6Fd01
    [0] Archive type: GZ
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    C:\Users\Grimace\AppData\Local\Mozilla\Firefox\Profiles\0oy2l2qs.default\Cache\6E9D9E61d01
    [0] Archive type: GZ
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    C:\Users\Grimace\AppData\Local\Mozilla\Firefox\Profiles\0oy2l2qs.default\Cache\D0E6F06Bd01
    [0] Archive type: GZ
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    Beginning disinfection:
    C:\Users\Grimace\AppData\Local\Mozilla\Firefox\Profiles\0oy2l2qs.default\Cache\D0E6F06Bd01
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to the quarantine directory under the name '4835470d.qua'.
    C:\Users\Grimace\AppData\Local\Mozilla\Firefox\Profiles\0oy2l2qs.default\Cache\6E9D9E61d01
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to the quarantine directory under the name '50b668b7.qua'.
    C:\Users\Grimace\AppData\Local\Mozilla\Firefox\Profiles\0oy2l2qs.default\Cache\119BEC6Fd01
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to the quarantine directory under the name '02e93243.qua'.
    C:\Users\Grimace\AppData\Local\Mozilla\Firefox\Profiles\0oy2l2qs.default\Cache\027CBC27d01
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to the quarantine directory under the name '64dc7d8e.qua'.


    End of the scan: Sunday, August 01, 2010 14:13
    Used time: 1:14:07 Hour(s)

    The scan has been done completely.

    33118 Scanned directories
    331609 Files were scanned
    0 Viruses and/or unwanted programs were found
    4 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    4 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    331605 Files not concerned
    1164 Archives were scanned
    0 Warnings
    4 Notes
    638908 Objects were scanned with rootkit scan
    1 Hidden objects were found

  8. #28
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Avira did a scan and it found 5 HEUR/HTML Malware warnings.
    As long as it quarantined them, which it did.

    You can remove ComboFix like this:
    Start > Run and type in:
    combofix /uninstall
    Click OK or press Enter.
    Note the space after the x and before the /.

    You can delete the rootrepeal and MBRcheck icon from your desktop.
    Keep Malwarebytes and note that the free version must be updated manually and a scan started manually.

    FYI: keygens etc. are very popular for carrying malware payloads.

    You can make a new restore point but let me check the instructions first. The ones I have are for XP, not Vista. I will post back.

    Some tips for you:

    10 Tips for Reducing/Preventing Your Risk To Malware:

    In no special order

    1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web-based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third-party applications are being targeted. Not sure if you have the latest version? Check their version status here.

    2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software installs useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs that you may have malware on your computer.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*. *There is no reason why your computer can not stay malware free.*

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0; read the FAQs. Or see a slide show here and do it yourself.

    10) Warez, cracks etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks, then you are also much more likely to encounter malicious code in a downloaded file. Can you really trust the source of the file? Do you really need another malware source?

    Longer version with pictures in link below.

    Happy Safe Surfing.
    How Can I Reduce My Risk?
