Smitfraud Trojan

It would seem since you are old enough to own a computer, you should be old enough to answer some of these questions yourself. I don't care what you do with it, just run the CFScript and post the information I asked for.

I should mention, the answer you got from Knology is exactly the reason I will never use them and never suggest them to anyone else. You pay them, but when you ask for help with a problem, that is the kind of answer you get.
 
Here is the Combo log:
ComboFix 08-07-13.6 - Ken 2008-07-13 17:03:55.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2030 [GMT -5:00]
Running from: C:\Users\Ken\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ken\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\Windows\System32\drivers\lsissass.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\System32\drivers\lsissass.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LSISSASS
-------\Service_lsissass


((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-12 19:12 . 2008-07-12 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Users\Ken\AppData\Roaming\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-12 17:52 . 2008-07-12 17:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 17:52 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-12 17:52 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-11 23:18 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-11 23:18 . 2008-04-26 03:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-11 23:18 . 2008-04-26 03:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-11 23:18 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-11 23:18 . 2008-05-09 22:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-11 23:18 . 2008-04-04 20:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-11 23:18 . 2008-04-04 22:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-11 23:12 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 23:12 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 23:11 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-11 23:08 . 2008-05-08 16:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-11 23:08 . 2008-05-08 16:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-11 23:08 . 2008-05-08 16:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-11 23:08 . 2008-05-08 16:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-11 23:08 . 2008-05-08 16:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-11 23:08 . 2008-05-08 16:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-11 23:08 . 2008-05-08 16:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-10 22:03 . 2008-07-10 22:03 <DIR> d-------- C:\Users\Ken\AppData\Roaming\Comodo
2008-07-10 22:03 . 2008-07-10 22:56 <DIR> d-------- C:\Users\All Users\comodo
2008-07-10 22:03 . 2008-07-10 22:56 <DIR> d-------- C:\ProgramData\comodo
2008-07-10 22:03 . 2008-07-10 22:03 <DIR> d-------- C:\Program Files\COMODO
2008-07-10 22:03 . 2008-07-10 22:03 143,104 --a------ C:\Windows\System32\guard32.dll
2008-07-10 22:03 . 2008-07-10 22:03 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-07-10 22:03 . 2008-07-10 22:03 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-07-06 21:50 . 2008-07-13 15:25 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-06 21:20 . 2008-07-12 17:44 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\Users\All Users\avg8
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\ProgramData\avg8
2008-07-06 21:20 . 2008-07-06 21:20 <DIR> d-------- C:\Program Files\AVG
2008-07-06 21:20 . 2008-07-08 17:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-07-06 21:20 . 2008-07-06 21:20 10,520 --a------ C:\Windows\System32\avgrsstx.dll.old
2008-07-06 21:20 . 2008-07-08 17:21 10,520 --a------ C:\Windows\System32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 08:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-11 01:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-11 01:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 23:41 --------- d-----w C:\Users\Ken\AppData\Roaming\Azureus
2008-06-25 12:34 --------- d-----w C:\ProgramData\Roxio
2008-06-25 11:48 --------- d-----w C:\Program Files\Free Windows Registry Cleaner
2008-06-20 01:57 --------- d-----w C:\ProgramData\WildTangent
2008-06-17 05:43 --------- d-----w C:\Program Files\Azureus
2008-06-17 03:37 --------- d-----w C:\Program Files\Blubster
2008-06-16 02:48 --------- d-----w C:\Users\Ken\AppData\Roaming\Vso
2008-06-05 01:38 --------- d-----w C:\Users\Ken\AppData\Roaming\Move Networks
2008-06-03 03:22 3,532 ----a-w C:\drmHeader.bin
2008-05-24 21:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 21:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-24 17:32 --------- d-----w C:\Users\Ken\AppData\Roaming\ESET
2008-05-24 17:31 --------- d-----w C:\ProgramData\ESET
2008-05-24 17:31 --------- d-----w C:\Program Files\ESET
2008-05-24 02:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 01:56 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-02 13:22 174 --sha-w C:\Program Files\desktop.ini
2008-05-02 12:58 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-02 12:58 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-02 12:32 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-02 12:32 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-01-03 23:54 47,360 ----a-w C:\Users\Ken\AppData\Roaming\pcouffin.sys
2007-10-31 04:15 420 ----a-w C:\Users\Ken\AppData\Roaming\wklnhst.dat
2007-05-25 03:05 1,163,592 ----a-w C:\Users\Ken\install_flash_player.exe
2008-01-21 13:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-01-21 13:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2008-01-06 20:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-06 20:31 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-06 20:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-02 19:26 22 --sha-w C:\Windows\SMINST\HPCD.sys
2008-02-01 05:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-13_15.54.45.74 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 20:49:54 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-13 22:11:13 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-07-13 20:50:22 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-13 22:24:26 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-07-13 20:50:22 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-13 22:24:28 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-07-13 19:14:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-13 21:58:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-13 19:14:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-13 21:58:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-13 19:14:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-13 21:58:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-13 19:19:33 108,894 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-13 22:16:14 108,894 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-13 19:19:33 630,928 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-13 22:16:14 630,928 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-13 19:17:05 87,308 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 20:51:56 87,450 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-13 19:17:04 52,260 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-13 20:51:48 52,554 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 18:11 151552]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 17:21 1232152]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-10 22:03 1655552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll C:\Windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
backup=C:\Windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-08-14 01:07 102400 C:\Program Files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2006-11-16 17:59 1480296 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2006-09-28 08:42 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 20:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 10:16 65536 C:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-12 06:28 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-07-31 09:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-08-10 12:10 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
--a------ 2006-11-02 04:45 215552 C:\Windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6E6A127A-0B43-4E56-8825-E2B3164F5BC0}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BD383BD3-E6C8-4976-9397-C1937F40170F}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C1819F0B-FF69-4093-AC3E-334153611C8E}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{A7013299-4886-43D0-A152-E4F8C42E372B}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5D378F73-CF2A-42A5-8F87-96A6EE31A1E5}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C30651B3-C136-488C-8C66-9A1A3140B937}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A25263A1-2CDF-45DE-A8BF-897BDDCFA182}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{0C06651B-F13E-4112-BF36-A7B656CAFA54}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{B9A7B8B9-36F7-485C-8414-940D5A37D5D7}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{46440B8A-A209-434E-8581-A0B58E16FE10}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{704700B6-6661-48AB-B252-C1D31D8D530C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9E7AD0E6-394C-43EF-BF81-A51607F222FF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ED568ABF-128B-40DC-8018-5768683BC34C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9534223D-A4DC-456C-AC10-742B7DAAD796}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9A6C01E9-FCED-4196-8168-8C10D62C7349}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5EFED946-E209-4339-AEF6-65EB5095474E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8D15887E-978C-4B68-9346-960FBF941865}"= UDP:C:\Program Files\Blubster\Blubster.exe:Blubster
"{7C95C464-4593-4061-9C73-72B7344264B2}"= TCP:C:\Program Files\Blubster\Blubster.exe:Blubster
"{354BB3EE-AD5A-415A-BF09-4E56F56EF56E}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{F8215624-F651-464D-80B2-DFB4A346180B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BC1473FC-95DA-4D54-A2E1-A04A3BA8E969}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5A14463C-496E-42AD-AFAF-F83AB40C2266}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{48279ACF-FC4A-4F83-8DBE-10F952F5C473}"= UDP:990:LocalSubnet:LocalSubnet|IF={07A70FF6-B72E-413E-BCDD-26B25CD51323}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{BFE23D80-B40E-46DF-A3CB-FCF4B4DEFB00}"= TCP:63138:Azureus
"TCP Query User{6522C80F-39A6-4EA6-8F19-581E938F6EDF}C:\\users\\ken\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\ken\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{2121E812-5292-405E-953F-1D8B63466853}C:\\users\\ken\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\ken\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{776B6005-4A03-4232-AD28-14728E0DDD25}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F651C470-9718-435E-9CCD-B24FC3E3084D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{415DE8D8-F688-433C-803B-8D1985307300}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F34B6587-EC75-4FA8-91FB-79FFD6596631}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B439C075-8792-466E-AC40-E4A2364B14D5}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4421A75E-99FE-4A45-9907-3B0D8C10E8C5}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{506C781B-A9CE-418D-9EFC-ED5C4D16AB8D}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{538FD763-EC3B-466B-851E-F5606B631FAB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{62564FD6-89FF-43D0-9E13-D6E6451202BD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-08 17:21]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-07-10 22:03]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-10 22:03]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-01 20:06]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 17:21]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 13:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 16:30]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 12:13]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 17:25]
S3 NetDirect;TAP-Win32 NetDirect Adapter;C:\Windows\system32\DRIVERS\NetDirect.sys [2007-06-07 07:29]
S3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 02:41]
S3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 02:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6c69b87-bfcd-11db-9c7b-806e6f6e6963}]
\shell\AutoRun\command - K:\WD_Windows_Tools\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 22:24:28 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-05 08:21:52 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-13 16:32:10 C:\Windows\Tasks\User_Feed_Synchronization-{FE738198-38AB-4249-894A-3551E61D8C19}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 17:24:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-07-13 17:27:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 22:27:15
ComboFix2.txt 2008-07-13 20:56:13

Pre-Run: 208,983,330,816 bytes free
Post-Run: 211,285,188,608 bytes free

311 --- E O F --- 2008-07-12 07:32:32
 
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:58 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhtt...4.69.12.43_47023&=&req=1210299706470OneCC.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://209.149.177.89/nortel_cacheable/NetDirect.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://209.149.177.89/nortel_cacheable/iewiper.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8769 bytes
 
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run Disk Cleanup:
http://www.lockergnome.com/windows/2006/10/26/disk-cleanup-in-vista/

Post a new HJT log.


If things are running as they should, the next step is to remove combofix like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U; it needs to be there.



Thanks
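For readers who, like the poster below, want to know what the O17 lines actually say: HijackThis lists under O17 the DNS-related values under HKLM\System\<control set>\Services\Tcpip (NameServer, SearchList, Domain), both the global Parameters key and the per-adapter keys named by interface GUID. CCS is CurrentControlSet and CS1/CS2 are ControlSet001/ControlSet002, which is why the same SearchList shows up three times. A hard-coded NameServer is what a DNS-changer leaves behind, so the check is whether the listed resolvers are ones your ISP or network really hands out. The script below is an added example written for this thread, not code from HijackThis or from either poster: it parses the four O17 lines copied from the log above and flags resolvers that are not in a trusted set you supply. The trusted set is an assumption you must fill in from your own ISP or DHCP settings; the example does not claim the 69.1.30.x addresses are good or bad.

```python
"""Parse HijackThis O17 entries and audit the DNS settings they report.

Added example for this thread; not part of HijackThis or the original posts.
The sample lines are the four O17 entries from the posted log. The trusted
resolver set passed to audit() is an assumption: use the resolvers your ISP
or DHCP server actually hands out.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: the O17 lines copied from the log in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
"""

# Shape of one HJT O17 line: "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\\S+?): (?P<name>\w+) = (?P<data>.*)$")
CONTROL_SET_RE = re.compile(r"HKLM\\System\\(CCS|CS\d+)\\")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class O17Entry:
    control_set: str            # CCS = CurrentControlSet, CS1/CS2 = ControlSet001/002
    interface: Optional[str]    # adapter GUID for per-interface keys, None for global Parameters
    name: str                   # NameServer, SearchList, Domain, ...
    data: str


def parse_o17(log_text: str) -> List[O17Entry]:
    """Extract every O17 line from an HJT log into a structured entry."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        cs = CONTROL_SET_RE.search(key)
        guid = GUID_RE.search(key)
        entries.append(O17Entry(
            control_set=cs.group(1) if cs else "?",
            interface=guid.group(0) if guid else None,
            name=m.group("name"),
            data=m.group("data").strip(),
        ))
    return entries


def audit(entries: List[O17Entry], trusted_nameservers: Set[str]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings.

    trusted_nameservers: IPs the network is expected to hand out (assumption:
    you know these from your ISP or DHCP lease). Any static resolver outside
    that set is reported as high, because a rewritten NameServer is the
    classic DNS-changer footprint. SearchList oddities are reported as low:
    they change how unqualified names resolve but are not proof of infection.
    """
    trusted = {ipaddress.ip_address(ip) for ip in trusted_nameservers}
    findings = []
    for e in entries:
        where = f"{e.control_set} {e.interface or 'Parameters'}"
        if e.name == "NameServer":
            # The registry stores the list comma- or space-separated; HJT prints commas.
            for token in re.split(r"[,\s]+", e.data):
                if not token:
                    continue
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(("high", f"{where}: NameServer is not an IP address: {token!r}"))
                    continue
                if ip not in trusted:
                    findings.append(("high", f"{where}: static resolver {ip} is not in the trusted set"))
        elif e.name == "SearchList":
            suffixes = [s for s in e.data.split(",") if s]
            if len(set(suffixes)) != len(suffixes):
                findings.append(("low", f"{where}: SearchList repeats a suffix: {e.data}"))
            for s in sorted(set(suffixes)):
                if "." not in s:
                    findings.append(("low", f"{where}: single-label search suffix {s!r} is appended to unqualified names"))
    return findings


if __name__ == "__main__":
    # Assumed trusted resolvers: replace with the ones your ISP really uses.
    for severity, msg in audit(parse_o17(SAMPLE_LOG), {"192.0.2.53"}):
        print(f"[{severity}] {msg}")
```

Run it with the resolvers your ISP publishes in the trusted set; if the NameServer lines still come back high, the adapter is pointed at something the network did not assign, and that is exactly the case where fixing the O17 entries in HijackThis (and then checking the adapter's DNS settings in Control Panel) is warranted. If they are your ISP's real resolvers, fixing the entries only switches the adapter back to DHCP-assigned DNS, which is harmless but not a cleanup.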
 
What do these settings mean?
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
 
So I should not run the HJT and fix these.
I will run the disk clean up and uninstall the Combo fix.
Sorry to irritate you earlier. Just trying to give you info, just more than you wanted.
You guys seem very busy and are doing great work, I commend you and would love to pay you for this fix. Thanks for all you do.
 
New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:52 PM, on 7/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///F:/components/hidinputmonitorx.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///F:/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///F:/components/wmvhdrating.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} -
O16 - DPF: {D0BE2767-CD10-4B56-8795-C6BC37A8572F} (ISiteNonVisual Control 3.5) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABB371-01CF-4686-8102-E7C6091D8A41}: NameServer = 69.1.30.11,69.1.30.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = is-domain,is-domain
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8166 bytes
 