Loads of outbound connections in firewall

Postby fenderguy » Mon Mar 08, 2010 11:22 pm

Hi, I'm running Comodo firewall on Windows Vista SP2, also Avast antivirus. A couple of weeks ago I suspected there was spyware as there were thousands of outbound connections; the main traffic seemed to be from svchost.exe (you've probably heard this plenty of times). I used Spybot Search and Destroy to have a go, and it seemed to fix the problem. I was back down to between 10 and 60 outbound connections, which still seemed a bit much, and I can't really remember how many there were before the problem started.

In the past couple of days the outbound connections have been coming back, and on startup it can jump to around 2000 - 4000 before settling down to around 350, although it does fluctuate.
I've had SpywareBlaster running in the background since 2 weeks ago, and didn't hear anything from it. I tried Spybot again; it found a few things and removed them. Someone suggested I try Spyware Terminator; it found a couple of other things, one of which was something called trojan.spy or something. Nice.

I've also done full system scans with Avast. But this time it seems not to be doing anything, and all the outbound connections are still there. For inbound ones it usually says 0, but sometimes around 10, or even 40.

Here is my hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:31, on 08/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real player\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/56.20/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9815 bytes



Many thanks for your time and help.
fenderguy
 
Posts: 8
Joined: Mon Mar 08, 2010 10:59 pm
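As an added example (not code from this thread, from HijackThis, or from the forum), here is a small Python triage helper that reads lines in the HijackThis 2.0.2 format shown above and flags the entry kinds a reviewer checks first: entries whose file no longer exists (like the AVG8 services and the unnamed BHOs in the log above), AppInit_DLLs injection, services with no publisher, and hosts-file overrides that redirect a name somewhere other than loopback. The sample log lines and CLSIDs below are constructed placeholders.

```python
"""Triage helper for HijackThis 2.0.x log lines (defender-side review aid)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in HijackThis 2.0.2 format, modelled on the entry types in
# the thread's log. CLSIDs and product names are placeholders, not real ones.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP2 (WinNT 6.00.1906)

O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.1 update.example-av.test
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\..\Run: [Example] "C:\Program Files\Example\tray.exe" -h
O18 - Protocol: example - {00000000-0000-0000-0000-000000000003} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O23 - Service: Example Scanner (exsvc) - Unknown owner - C:\PROGRA~1\Example\exsvc.exe (file missing)
O23 - Service: Example Agent (exagent) - Example Corp - C:\Program Files\Example\agent.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
HJT_ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
MISSING_MARKERS = ("(no file)", "(file missing)")
LOOPBACK = {"127.0.0.1", "::1"}


@dataclass
class Entry:
    code: str
    body: str
    findings: List[str] = field(default_factory=list)


def parse_hjt_log(text: str) -> List[Entry]:
    """Keep only the section-code lines; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review findings to each entry and return those that got any."""
    for e in entries:
        body = e.body
        # Orphaned entries: the registry still points at a file that is gone.
        # Usually a leftover of an uninstalled product; HijackThis can fix them.
        if body.endswith(MISSING_MARKERS):
            e.findings.append("orphaned: referenced file no longer exists")
        # O1 hosts lines: "Hosts: <address> <name>". Mapping a name to loopback
        # blocks it (Spybot immunisation does this); mapping it elsewhere
        # redirects it and deserves a look.
        if e.code == "O1":
            fields = body.split(":", 1)[1].split()
            if len(fields) >= 2 and fields[0] not in LOOPBACK:
                e.findings.append(
                    f"hosts override: {fields[1]} resolves to {fields[0]}")
        # O20 AppInit_DLLs are loaded into every process that loads user32.dll,
        # so each DLL listed must be traceable to an installed product.
        if e.code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            e.findings.append(
                f"AppInit_DLLs injects {len(dlls)} DLL(s): {', '.join(dlls)}")
        # O23 services with no publisher string need manual verification.
        if e.code == "O23" and " - Unknown owner - " in body:
            e.findings.append("service has no publisher information")
    return [e for e in entries if e.findings]


def report(text: str) -> List[str]:
    """One line per finding, 'CODE: body -> finding', for pasting into a reply."""
    lines = []
    for e in triage(parse_hjt_log(text)):
        for f in e.findings:
            lines.append(f"{e.code}: {e.body} -> {f}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```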

Re: Loads of outbound connections in firewall

Postby patrik » Wed Mar 10, 2010 6:46 pm

Hello, welcome to the Myantispyware forum.

I would check a few more.
Download GMER Antirootkit from here.
Mirror location: here. This version will download a zip. If you use this mirror, please unzip it to a folder that you create such as C:\Gmer\.

Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. a1afk10a.exe) and allow the gmer.sys driver to load if asked.
For mirror version, double-click Gmer.exe to run the program.
When the program opens, click the ">>>" Tab
Click the "Rootkit/Malware" Tab.
Select all drives that are connected to your system to be scanned.
Click the Scan button.
When the scan is finished, click Copy to save the scan log to the Windows clipboard.
Open Notepad or a similar text editor.
Paste the clipboard contents into a text file by clicking Edit -> Paste or pressing Ctrl + V.
Save the gmer scan log to your desktop.
Close Gmer.

Download RSIT by random/random from here and save it to your desktop.
* Double click on RSIT.exe to run RSIT.
* Click Continue at the disclaimer screen.
* Once it has finished, two logs will open. If they do not open automatically, these logs can be found in the %systemdrive%\rsit folder (typically C:\rsit).



Post back with the GMER log and both RSIT logs. Post each log in a separate post.
patrik
Site Admin
 
Posts: 8425
Joined: Sun Jan 08, 2006 1:11 pm

Re: Loads of outbound connections in firewall

Postby fenderguy » Wed Mar 10, 2010 7:47 pm

Unfortunately GMER started the scan, and then stopped responding. When I restarted the program it gave me a blue screen of death and the computer automatically restarted.

So here's RSIT #1:

info.txt logfile of random's system information tool 1.06 2010-03-10 19:39:02

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
Acoustica Beatcraft-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Classic Doom 3 1.3.1-->C:\Program Files\Doom 3\cdoom\uninst.exe
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\CToolbar.exe uninst
Descent Ultimate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50714DA0-8BD8-4240-8A58-B86DD8BED44F}\setup.exe" -l0x9 -removeonly
Deus Ex-->C:\programe files\DeusEx\System\Setup.exe uninstall "Deus Ex"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DreamStation DXi2-->C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
FuelPlanner747-->C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\PMDG\Uninstal.exe
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
GTA2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4-->C:\Program Files\HP\Digital Imaging\{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}\setup\hpzscr01.exe -datfile hposcr31.dat -onestop -forcereboot
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Lemmings for Windows 95-->C:\Program Files\WinLemm\wlvsun10.exe uninstall
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Flight Simulator X Service Pack 1-->C:\Windows\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Service Pack 2-->MsiExec.exe /X{4847BBB9-EADD-4C92-90BF-4223B0892FF6}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X-->MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Monopoly Deluxe-->"C:\Program Files\Zylom Games\Monopoly Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OLYMPUS Master 2-->MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PMDG 747-400/400F for FSX-->C:\Program Files\InstallShield Installation Information\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG BAe JS4100-->C:\Program Files\InstallShield Installation Information\{FB647DBE-2231-405D-AC36-C73246CBE305}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_3M-->C:\Program Files\InstallShield Installation Information\{26405538-F6B6-4EDC-8C58-6D291ADA2D38}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_4Z-->C:\Program Files\InstallShield Installation Information\{F6096C02-08BB-42A2-8683-C24703D4B370}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_AX-->C:\Program Files\InstallShield Installation Information\{A1C56A1D-0F1D-43F7-930A-29A0595A5BF2}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_AX2-->C:\Program Files\InstallShield Installation Information\{50CE738D-60A0-4721-92A5-5C0BD329A687}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_AX3-->C:\Program Files\InstallShield Installation Information\{9A61DAC0-8CFF-43C3-A145-D8F3E14C64CE}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_BA-->C:\Program Files\InstallShield Installation Information\{6EE89528-C458-4022-A76D-2AE2E6636DE5}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_BA2-->C:\Program Files\InstallShield Installation Information\{98AFCBC1-8682-410D-BD37-E0646B1D44B5}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_BD-->C:\Program Files\InstallShield Installation Information\{7B27E6B6-8B5B-447F-9788-CAD0A72A45F3}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_CDN-->C:\Program Files\InstallShield Installation Information\{E1BC2519-FA6B-4BA2-B028-3CA2A38A3A64}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG_BAe_JS4100_DH-->C:\Program Files\InstallShield Installation Information\{8E2A370A-C3CC-4C15-BA51-81500F451D77}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_AF-->C:\Program Files\InstallShield Installation Information\{70D78DCD-8369-4857-BFEF-021C9899DA75}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_JL-->C:\Program Files\InstallShield Installation Information\{0F251614-EDEF-4CDD-B327-B1DFFBA64CC8}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_JL2-->C:\Program Files\InstallShield Installation Information\{90E508AF-C108-4A16-9E6F-89C8795DAF0B}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_JL3-->C:\Program Files\InstallShield Installation Information\{0CBA8FE8-3245-4E62-B8BE-951A3C7C7EC3}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_KL-->C:\Program Files\InstallShield Installation Information\{D4CF23EE-B0B6-4E5F-A335-8E63F8AFAC98}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_KL2-->C:\Program Files\InstallShield Installation Information\{90BF9242-F9B2-4625-AB45-D7B251026E7E}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_LH-->C:\Program Files\InstallShield Installation Information\{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_NH-->C:\Program Files\InstallShield Installation Information\{A1D97ADB-EFF4-4F31-B286-873F06AC6496}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_GE_VS-->C:\Program Files\InstallShield Installation Information\{B3B8E0B9-04D0-4449-969C-A23F0C90CB85}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_PW_BO-->C:\Program Files\InstallShield Installation Information\{8F1F8A0C-6027-41C1-9E73-20D47B77C0D1}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_PW_CA-->C:\Program Files\InstallShield Installation Information\{83370581-6426-4EC6-B194-AE9FA35AB231}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_PW_CI-->C:\Program Files\InstallShield Installation Information\{1F0DB6EB-B8D8-45E4-9B04-3DA89B68FEBF}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_PW_MH-->C:\Program Files\InstallShield Installation Information\{56BBD67B-36C0-449E-9AD1-B79F13E71243}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_PW_SQ-->C:\Program Files\InstallShield Installation Information\{6758B364-96C0-4143-ABDF-8160F8A2AA0D}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_PW_UA2-->C:\Program Files\InstallShield Installation Information\{2B5DDFFF-F347-489E-861D-98D02D00472D}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_PW_UA3-->C:\Program Files\InstallShield Installation Information\{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_RR_BA-->C:\Program Files\InstallShield Installation Information\{9C979BC5-0B86-47A1-B6C1-6057297DB61C}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_RR_CX_Hong_Kong-->C:\Program Files\InstallShield Installation Information\{83741367-3E89-44E4-8FCB-734B75254FDD}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_RR_CX-->C:\Program Files\InstallShield Installation Information\{6A9F0C42-3758-42EC-B4DE-F85BC5C175CF}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744X_RR_QF-->C:\Program Files\InstallShield Installation Information\{EC65FAF7-F12F-4C81-9E9D-2FE1115CFBA9}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744XF_GE_EKF-->C:\Program Files\InstallShield Installation Information\{20B3074F-F200-4A50-9231-6FE3E0CF3F05}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744XF_GE_JLF-->C:\Program Files\InstallShield Installation Information\{7A5E396C-8D6E-4C63-AA5F-805ED6C911E6}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744XF_PW_KEF-->C:\Program Files\InstallShield Installation Information\{23C3924F-8542-4C7E-B1DC-D0E587B4DAC7}\setup.exe -runfromtemp -l0x0009 -removeonly
PMDG744XF_RR_CXF-->C:\Program Files\InstallShield Installation Information\{ABD462F9-7436-4086-A65B-AC6360ED45FC}\setup.exe -runfromtemp -l0x0009 -removeonly
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Shockwave-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\INSTALL.LOG
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Nameless Mod-->C:\programe files\DeusEx\Uninstall_TNM.exe
Unreal Anthology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}\Setup.exe" -l0x9 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft DVD Ripper Ultimate-->C:\Program Files\Xilisoft\DVD Ripper Ultimate 5\Uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
FW: COMODO Firewall
AS: COMODO Defense+
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: Spyware Terminator

======System event log======

Computer Name: Nathan-PC
Event Code: 1002
Message: The IP address lease 10.5.78.226 for the Network Card with network address 00173FAEF773 has been denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message).
Record Number: 236551
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091019131655.000000-000
Event Type: Error
User:

Computer Name: Nathan-PC
Event Code: 1003
Message:
Record Number: 236550
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091019131655.000000-000
Event Type: Warning
User:

Computer Name: Nathan-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00173FAEF773. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 236548
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091019131634.000000-000
Event Type: Warning
User:

Computer Name: Nathan-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00173FAEF773. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 236539
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091019131434.000000-000
Event Type: Warning
User:

Computer Name: Nathan-PC
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173FAEF773. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 236536
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091019131232.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Nathan-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 11910
Source Name: WerSvc
Time Written: 20080518175116.000000-000
Event Type: Error
User:

Computer Name: Nathan-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 11879
Source Name: WerSvc
Time Written: 20080518164119.000000-000
Event Type: Error
User:

Computer Name: Nathan-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 11685
Source Name: WerSvc
Time Written: 20080518110605.000000-000
Event Type: Error
User:

Computer Name: Nathan-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 11622
Source Name: WerSvc
Time Written: 20080517114331.000000-000
Event Type: Error
User:

Computer Name: Nathan-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 11596
Source Name: WerSvc
Time Written: 20080517024128.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Nathan-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: NATHAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2ac
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 61818
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090508134933.884574-000
Event Type: Audit Success
User:

Computer Name: Nathan-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 61817
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090508134933.859185-000
Event Type: Audit Success
User:

Computer Name: Nathan-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: NATHAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2ac
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 61816
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090508134933.859185-000
Event Type: Audit Success
User:

Computer Name: Nathan-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: NATHAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2ac
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 61815
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090508134933.859185-000
Event Type: Audit Success
User:

Computer Name: Nathan-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2f2c3
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 61814
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090508134933.617989-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\VistaCodecPack\QT\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
fenderguy
Posts: 8
Joined: Mon Mar 08, 2010 10:59 pm

Re: Loads of outbound connections in firewall

Postby fenderguy » Wed Mar 10, 2010 7:48 pm

And RSIT #2:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nathan at 2010-03-10 19:38:35
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 178 GB (38%) free of 473 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:00, on 10/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nathan\Downloads\RSIT.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Nathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real player\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/56.20/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9897 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Driver Robot.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-01-29 1230184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real player\rpbrowserrecordplugin.dll [2009-12-01 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2010-01-29 1230184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-05-15 54576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-02-22 1800464]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-01 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\VistaCodecPack\QT\QTTask.exe [2009-11-10 417792]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-03-08 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-05-15 95536]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-08 3037696]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-03-10 19:38:35 ----D---- C:\rsit
2010-03-08 23:02:19 ----D---- C:\Program Files\Trend Micro
2010-03-08 22:36:00 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-08 21:59:56 ----D---- C:\Program Files\Crawler
2010-03-08 21:17:36 ----D---- C:\Users\Nathan\AppData\Roaming\Spyware Terminator
2010-03-08 21:17:35 ----D---- C:\ProgramData\Spyware Terminator
2010-03-08 21:17:34 ----D---- C:\Program Files\Spyware Terminator
2010-03-08 07:30:33 ----A---- C:\Windows\system32\wininet.dll
2010-03-08 07:30:32 ----A---- C:\Windows\system32\urlmon.dll
2010-03-08 07:30:32 ----A---- C:\Windows\system32\mshtml.dll
2010-03-08 07:30:30 ----A---- C:\Windows\system32\ieui.dll
2010-03-08 07:30:30 ----A---- C:\Windows\system32\ieframe.dll
2010-03-08 07:30:29 ----A---- C:\Windows\system32\iepeers.dll
2010-03-08 07:30:28 ----A---- C:\Windows\system32\ieencode.dll
2010-03-08 07:30:27 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-08 07:30:20 ----A---- C:\Windows\system32\jscript.dll
2010-02-25 19:47:57 ----D---- C:\Users\Nathan\AppData\Roaming\Mozilla
2010-02-25 19:47:46 ----D---- C:\Program Files\Mozilla Firefox
2010-02-24 07:38:34 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 07:38:12 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 07:38:12 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 07:38:10 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 07:38:10 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 07:38:10 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 07:38:10 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 07:38:09 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 07:38:09 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 07:38:09 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 07:38:04 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 07:38:04 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 07:38:03 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-22 23:58:25 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2010-02-22 17:33:35 ----A---- C:\Windows\cfplogvw.INI
2010-02-21 21:25:00 ----A---- C:\Windows\PCTBDCore.dll.old
2010-02-21 21:19:50 ----AD---- C:\ProgramData\TEMP
2010-02-21 13:47:25 ----D---- C:\ProgramData\HP Product Assistant

======List of files/folders modified in the last 1 months======

2010-03-10 19:38:59 ----D---- C:\Windows\Prefetch
2010-03-10 19:38:52 ----D---- C:\Windows\Temp
2010-03-10 19:36:34 ----D---- C:\Windows\system32\catroot2
2010-03-10 19:35:06 ----D---- C:\Windows\Minidump
2010-03-10 19:35:03 ----D---- C:\Windows
2010-03-10 17:57:02 ----D---- C:\Windows\System32
2010-03-10 17:57:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-10 09:21:08 ----SHD---- C:\System Volume Information
2010-03-10 08:57:39 ----D---- C:\Windows\system32\catroot
2010-03-10 08:57:34 ----D---- C:\Windows\winsxs
2010-03-09 22:53:24 ----D---- C:\Users\Nathan\AppData\Roaming\vlc
2010-03-08 23:02:19 ----RD---- C:\Program Files
2010-03-08 22:57:12 ----D---- C:\Windows\rescache
2010-03-08 22:40:57 ----D---- C:\Windows\system32\Tasks
2010-03-08 22:38:09 ----D---- C:\Windows\system32\LogFiles
2010-03-08 22:35:48 ----SHD---- C:\Windows\Installer
2010-03-08 22:35:47 ----HD---- C:\Config.Msi
2010-03-08 22:35:41 ----D---- C:\ProgramData\NVIDIA
2010-03-08 22:34:35 ----D---- C:\Program Files\NVIDIA Corporation
2010-03-08 22:33:01 ----D---- C:\Windows\inf
2010-03-08 22:32:52 ----D---- C:\Windows\system32\drivers
2010-03-08 21:54:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-08 21:54:15 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-08 21:17:35 ----HD---- C:\ProgramData
2010-03-08 19:53:49 ----D---- C:\Windows\Debug
2010-03-07 18:34:53 ----D---- C:\Program Files\Soulseek-Test
2010-03-07 18:28:09 ----D---- C:\Windows\system32\migration
2010-03-07 18:28:09 ----D---- C:\Windows\system32\en-US
2010-03-07 18:28:09 ----D---- C:\Program Files\Internet Explorer
2010-03-06 05:52:14 ----D---- C:\Users\Nathan\AppData\Roaming\BitTorrent
2010-02-28 14:08:36 ----D---- C:\Users\Nathan\AppData\Roaming\HpUpdate
2010-02-24 15:11:18 ----D---- C:\Windows\AppPatch
2010-02-24 15:11:17 ----RSD---- C:\Windows\Fonts
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-22 07:28:15 ----A---- C:\Windows\system32\guard32.dll
2010-02-21 21:35:07 ----D---- C:\Program Files\Common Files
2010-02-21 13:52:45 ----D---- C:\ProgramData\HP
2010-02-17 21:45:37 ----D---- C:\Users\Nathan\AppData\Roaming\dvdcss
2010-02-14 16:27:39 ----D---- C:\Users\Nathan\AppData\Roaming\OpenOffice.org2
2010-02-11 07:24:57 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-24 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-07-02 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-01-30 76040]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-02-22 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-02-22 29520]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-01-02 24872]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-02-22 74328]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2010-03-08 142592]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-01-08 103488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-01-12 11586280]
R3 RT73;Belkin USB Network Adapter; C:\Windows\system32\DRIVERS\rt73.sys [2005-08-02 232192]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 278528]
S3 Amsmpu4p;Amsmpu4p; \??\C:\Users\Nathan\AppData\Local\Temp\Amsmpu4p.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
S3 viaagp1;VIA AGP Filter; C:\Windows\system32\drivers\viaagp1.sys [2003-07-02 27904]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 EMSCR;EMSCR; C:\Windows\system32\drivers\ems7sk.sys [2006-10-25 62208]
S4 ESDCR;ESDCR; C:\Windows\system32\drivers\esd7sk.sys [2006-10-25 42240]
S4 ESMCR;ESMCR; C:\Windows\system32\drivers\esm7sk.sys [2006-10-25 76928]
S4 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\heci.sys [2006-10-23 44416]
S4 ioatdma;Intel(R) QuickData Technology Device; C:\Windows\system32\drivers\ioatdma.sys [2007-05-31 36744]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-08-30 43008]
S4 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\drivers\asacpi.sys [2006-10-19 7680]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 12032]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 O2MDRDR;O2MDRDR; C:\Windows\system32\drivers\o2media.sys [2005-11-14 34176]
S4 O2SDRDR;O2SDRDR; C:\Windows\system32\drivers\o2sd.sys [2005-12-19 28800]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 SI3132;SiI-3132 SATALink Controller; C:\Windows\system32\drivers\si3132.sys [2007-05-24 74800]
S4 Si3132r5;SiI-3132 SoftRaid 5 Controller; C:\Windows\system32\drivers\si3132r5.sys [2007-06-01 215856]
S4 Si3531;SiI-3531 SATA Controller; C:\Windows\system32\drivers\si3531.sys [2007-01-30 210224]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-22 723632]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-01-11 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-03-08 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-12 867080]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 87288]

-----------------EOF-----------------
fenderguy
 
Posts: 8
Joined: Mon Mar 08, 2010 10:59 pm

Re: Loads of outbound connections in firewall

Postby patrik » Sat Mar 13, 2010 7:27 pm

Download RootRepeal from here or here and unzip it to your Desktop.
Click on the Report tab, then click on Scan Button.
A Window will open asking what to include in the scan. Check all of the below:
* Drivers
* Files
* Processes
* SSDT
* Stealth Objects
* Hidden Services
Click OK button. Now you'll be asked which drive to scan, check your system drive - disk C by default.
Click OK button again and the scan will start.
The scan may take some time to finish, so please be patient. When the scan has finished, click on Save Report to save a report.

Post back with RootRepeal report.
patrik
Site Admin
 
Posts: 8425
Joined: Sun Jan 08, 2006 1:11 pm

Re: Loads of outbound connections in firewall

Postby fenderguy » Sun Mar 14, 2010 2:54 pm

Root Repeal doesn't seem to work properly either - I even tried it whilst disconnected from the internet and having all the security software turned off - it appears to do the scan then gets to a certain point (could be the end of the scan, I don't know) then the outline of an alert box appears but nothing happens. I click the cross on the box, then it shuts the program down and there is no report.
fenderguy
 
Posts: 8
Joined: Mon Mar 08, 2010 10:59 pm

Re: Loads of outbound connections in firewall

Postby fenderguy » Mon Mar 15, 2010 3:37 pm

Tbh, after further investigating I think it may actually be the printer connection. I've noticed there's way more connections when it's turned on than when it's turned off, and the IPs listed are going from my PC to my printer IP.

Although then again that could be malware deceiving me...
fenderguy
 
Posts: 8
Joined: Mon Mar 08, 2010 10:59 pm

Re: Loads of outbound connections in firewall

Postby patrik » Wed Mar 17, 2010 7:49 pm

If you have previously downloaded ComboFix, please delete that version now.
Download Combofix from here. Close any open browsers. Double click on combofix.exe and follow the prompts.
When the tool is finished, it will produce a log for you. If the log does not automatically open, then it can be found at %systemdrive%\combofix.txt (typically C:\combofix.txt).

If ComboFix will not run, please rename it to myapp.exe and try again!

Post back with combofix log.
patrik
Site Admin
 
Posts: 8425
Joined: Sun Jan 08, 2006 1:11 pm

Re: Loads of outbound connections in firewall

Postby fenderguy » Fri Mar 19, 2010 11:06 pm

here it is:


ComboFix 10-03-19.04 - Nathan 19/03/2010 22:42:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.1164 [GMT 0:00]
Running from: c:\users\Nathan\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3737131860-3734413386-2323170402-500
c:\$recycle.bin\S-1-5-21-3962745908-4200429497-4164690780-500
c:\program files\INSTALL.LOG
c:\windows\system32\Connect.dll
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-19 22:52 . 2010-03-19 22:52 -------- d-----w- c:\users\Nathan\AppData\Local\temp
2010-03-19 22:52 . 2010-03-19 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-10 23:27 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 23:27 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 23:27 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 19:38 . 2010-03-10 19:39 -------- d-----w- C:\rsit
2010-03-08 23:02 . 2010-03-08 23:02 -------- d-----w- c:\program files\Trend Micro
2010-03-08 22:36 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-08 21:59 . 2010-03-19 17:53 -------- d-----w- c:\program files\Crawler
2010-03-08 21:17 . 2010-03-08 21:17 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-03-08 21:17 . 2010-03-08 21:17 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-03-08 21:17 . 2010-03-08 21:17 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-08 21:17 . 2010-03-18 19:41 -------- d-----w- c:\users\Nathan\AppData\Roaming\Spyware Terminator
2010-03-08 21:17 . 2010-03-19 15:35 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-08 21:17 . 2010-03-15 19:51 -------- d-----w- c:\program files\Spyware Terminator
2010-03-08 07:30 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-08 07:30 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-02-22 23:58 . 2005-08-25 19:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-02-21 21:29 . 2010-02-21 21:29 -------- d-----w- c:\users\Nathan\AppData\Local\Threat Expert
2010-02-21 13:51 . 2010-02-21 13:52 23113 ----a-w- c:\windows\hpqins15.dat
2010-02-21 13:47 . 2010-02-21 13:47 -------- d-----w- c:\programdata\HP Product Assistant
2010-02-21 13:45 . 2010-02-21 13:47 77378 ----a-w- c:\windows\hpqins05.dat
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 15:11 . 2009-09-20 14:39 34990 ----a-w- c:\programdata\nvModes.dat
2010-03-18 19:33 . 2007-11-04 19:33 -------- d-----w- c:\users\Nathan\AppData\Roaming\BitTorrent
2010-03-14 17:00 . 2009-08-09 10:49 -------- d-----w- c:\users\Nathan\AppData\Roaming\vlc
2010-03-10 23:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-08 22:35 . 2007-10-24 10:51 -------- d-----w- c:\programdata\NVIDIA
2010-03-08 22:34 . 2009-09-20 14:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-08 21:54 . 2009-02-09 10:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-08 21:54 . 2009-02-09 10:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-07 18:34 . 2007-12-15 17:39 -------- d-----w- c:\program files\Soulseek-Test
2010-02-28 16:05 . 2007-11-02 09:37 55200 ----a-w- c:\users\Nathan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 14:08 . 2009-09-01 18:05 -------- d-----w- c:\users\Nathan\AppData\Roaming\HpUpdate
2010-02-24 10:16 . 2009-10-07 07:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 07:28 . 2009-03-29 15:22 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-22 07:28 . 2009-03-29 15:22 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-22 07:28 . 2009-03-29 15:22 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-22 07:28 . 2009-03-29 15:22 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-21 13:52 . 2009-05-18 13:51 -------- d-----w- c:\programdata\HP
2010-02-17 21:45 . 2008-07-04 13:10 -------- d-----w- c:\users\Nathan\AppData\Roaming\dvdcss
2010-02-14 16:27 . 2008-01-07 13:10 -------- d-----w- c:\users\Nathan\AppData\Roaming\OpenOffice.org2
2010-02-14 16:27 . 2008-01-07 13:10 1 ----a-w- c:\users\Nathan\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-25 12:00 . 2010-02-24 07:38 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 07:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 07:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 07:38 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 07:38 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 07:38 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 07:38 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 07:38 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 07:38 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-24 17:14 . 2007-11-03 23:28 -------- d-----w- c:\programdata\Apple Computer
2010-01-24 17:13 . 2010-01-24 17:13 -------- d-----w- c:\program files\Common Files\Apple
2010-01-24 17:13 . 2010-01-24 17:13 -------- d-----w- c:\program files\Apple Software Update
2010-01-24 17:13 . 2010-01-24 17:13 -------- d-----w- c:\programdata\Apple
2010-01-23 09:26 . 2010-02-24 07:38 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-20 10:08 . 2009-02-22 12:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 22:18 . 2010-01-11 22:18 962664 ----a-w- c:\windows\system32\nvsvc.dll
2010-01-11 22:18 . 2010-01-11 22:18 13679720 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 22:18 . 2010-01-11 22:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-11 22:18 . 2010-01-11 22:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-06 15:39 . 2010-02-24 07:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 07:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 07:38 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 07:38 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 07:38 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 07:38 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 07:38 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-26 14:54 . 2009-10-10 14:54 97216 ---ha-w- c:\windows\system32\mlfcache.dat
1998-09-25 12:16 . 2008-10-14 14:56 270848 ----a-w- c:\program files\UNWISE.EXE
2008-06-01 18:12 . 2008-06-01 18:12 61 --sh--w- c:\windows\cnerolf.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-08 3037696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-15 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-22 1800464]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-01 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2009-11-10 417792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-08 2166784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b0,b1,39,90,2f,74,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3962745908-4200429497-4164690780-1000]
"EnableNotificationsRef"=dword:00000001

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [x]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\system32\drivers\ioatdma.sys [2007-05-31 36744]
R4 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R4 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-12-19 28800]
R4 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\si3531.sys [2007-01-30 210224]
S1 aswSP;avast! Self Protection; [x]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-08-29 97928]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-30 76040]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-22 130960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-22 29520]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-03-08 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.co.uk/s/v/56.20/uploader2.cab
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\l85cfzui.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\real player\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\real player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3962745908-4200429497-4164690780-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:7d,3a,12,b9,4f,b7,94,88,b5,8e,ff,b1,28,3a,f0,dd,48,41,fa,81,ca,
73,10,2a,9a,9a,99,67,e2,c8,cf,81,6c,02,94,1e,4e,ab,33,4c,78,ab,6c,1c,f0,f5,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{561ca9e5-108c-44cf-956b-0fa41e280493}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d00173f
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{56b1928a-9e98-401c-8e35-51ea1af13bea}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b0019db
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{772dee92-ac6d-45c0-b2b3-76d1fd4ebe88}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0090f5
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d2b88a31-de5b-4dff-a9ab-ab9016375f01}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\guard32.dll
.
Completion time: 2010-03-19 22:56:11
ComboFix-quarantined-files.txt 2010-03-19 22:56

Pre-Run: 185,442,603,008 bytes free
Post-Run: 185,395,171,328 bytes free

- - End Of File - - DE265B3B059B75F214AFD91F7DA99C90
fenderguy
 
Posts: 8
Joined: Mon Mar 08, 2010 10:59 pm

Re: Loads of outbound connections in firewall

Postby patrik » Mon Mar 22, 2010 2:47 pm

Looks ok :)
How is your PC now ?
patrik
Site Admin
 
Posts: 8425
Joined: Sun Jan 08, 2006 1:11 pm

Re: Loads of outbound connections in firewall

Postby fenderguy » Tue Mar 23, 2010 3:23 pm

The internet runs a little slower than it did, although maybe because I am running antispyware, antivirus, and a firewall.
Do you think I can safely disable the antispyware?
fenderguy
 
Posts: 8
Joined: Mon Mar 08, 2010 10:59 pm

Re: Loads of outbound connections in firewall

Postby patrik » Fri Mar 26, 2010 7:18 pm

AV: AVG Anti-Virus Free
FW: COMODO Firewall
AS: COMODO Defense+
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: Spyware Terminator

Looks like you have a few Antispyware apps, you need to leave only one.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Remove tools, files or folders created during this cleanup operation.
Uninstall Combofix.
Click Start > Run - type ComboFix /uninstall
Press Ok.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore.

2. Update your programs.
Visit Microsoft Update (update.microsoft.com). Make sure that you have all the Critical Updates recommended for your operating system and IE. Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found.
Update all antivirus/antispyware programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

3. Many of the exploits are directed to users of Internet Explorer.
Use only an alternate browser - Firefox or Opera.

4. Be careful when opening attachments and downloading files.

Safe surfing!
patrik
Site Admin
 
Posts: 8425
Joined: Sun Jan 08, 2006 1:11 pm

Re: Loads of outbound connections in firewall

Postby fenderguy » Sat Mar 27, 2010 12:06 pm

Cheers. I'm not sure why AVG is still there, I deleted it ages ago along with the program folders etc.
I don't use windows defender, but the program is still there in control panel along with windows firewall.
fenderguy
 
Posts: 8
Joined: Mon Mar 08, 2010 10:59 pm

Re: Loads of outbound connections in firewall

Postby patrik » Mon Mar 29, 2010 6:08 pm

I'm not sure why AVG is still there, I deleted it ages ago along with the program folders etc.

Click Start, Run.
Type wbemtest and press Enter.
Windows Management Instrumentation Tester opens.
Click Connect... button.
Type root\SecurityCenter and press Enter.
Click the Query button.
Type SELECT * FROM AntiVirusProduct and click on Apply button.
If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product.
Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.
patrik
Site Admin
 
Posts: 8425
Joined: Sun Jan 08, 2006 1:11 pm
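The wbemtest walk-through above can be scripted. The following is an added example written for this page, not code from the thread or from any of the tools mentioned in it. It queries the same WMI namespace the post names (root\SecurityCenter on Vista; on Windows 7 and later the equivalent namespace is root\SecurityCenter2), lists the registered products, and flags records whose pathToSignedProductExe no longer exists on disk, which is the usual sign of an uninstaller that left its Security Center registration behind. It goes slightly beyond the post by also checking the AntiSpywareProduct and FirewallProduct classes, which live in the same namespace. The function names are this example's own, and it assumes an elevated Windows PowerShell prompt.

```powershell
# Added example (not from the thread): enumerate Security Center product
# registrations and flag records whose product executable no longer exists.
# Assumptions: elevated Windows PowerShell; namespace root\SecurityCenter on
# Vista (as in the post) or root\SecurityCenter2 on Windows 7 and later.
# Function names are this example's own.
function Get-SecurityCenterProducts {
    param(
        [string]$Namespace = 'root\SecurityCenter',
        [string[]]$Classes = @('AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct')
    )
    foreach ($class in $Classes) {
        # A class may be absent on some Windows versions; skip it quietly.
        $records = Get-WmiObject -Namespace $Namespace -Class $class -ErrorAction SilentlyContinue
        foreach ($r in $records) {
            $exe = $r.pathToSignedProductExe
            $exePath = $null
            if ($exe) {
                # The stored path may be quoted or use %ProgramFiles%-style variables.
                $exePath = [Environment]::ExpandEnvironmentVariables($exe.Trim('"'))
            }
            $exists = $false
            if ($exePath) { $exists = Test-Path -LiteralPath $exePath }
            New-Object PSObject -Property @{
                Class        = $class
                DisplayName  = $r.displayName
                InstanceGuid = $r.instanceGuid
                ProductExe   = $exePath
                ExeExists    = $exists
            }
        }
    }
}

# Scripted form of the manual "double click each result and DELETE" step:
# removes only records whose product executable is gone. Supports -WhatIf so
# the deletions can be previewed before anything is changed.
function Remove-StaleSecurityCenterRecords {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Namespace = 'root\SecurityCenter')
    $stale = Get-SecurityCenterProducts -Namespace $Namespace | Where-Object { -not $_.ExeExists }
    foreach ($s in $stale) {
        $target = "$($s.Class) '$($s.DisplayName)'"
        if ($PSCmdlet.ShouldProcess($target, 'Remove stale Security Center record')) {
            Get-WmiObject -Namespace $Namespace -Class $s.Class -Filter "instanceGuid='$($s.InstanceGuid)'" |
                Remove-WmiObject
        }
    }
}

# Usage: list everything first, then preview the removal before running it for real.
Get-SecurityCenterProducts | Format-Table Class, DisplayName, ExeExists, ProductExe -AutoSize
Remove-StaleSecurityCenterRecords -WhatIf
```

Run the listing first and compare it with the AV/FW/SP lines at the top of the ComboFix log: a product that appears there but is no longer in Programs and Features will show ExeExists as False. Only drop the -WhatIf once the stale entries are the ones you expect, since a record whose executable is merely on an unmounted or relocated drive would also be reported as missing.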

