Thank you, shelf life for looking into this. At this point, the computer no longer takes 20 minutes to load, and I thank you.
Here is the
ComboFix log:
ComboFix 08-06-01.6 - Kyle 2008-06-05 15:06:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.173 [GMT -6:00]
Running from: C:\Users\Kyle\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\vtmp2
C:\Windows\system32\MSINET.oca
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-04 14:46 . 2008-06-04 14:46 <DIR> d-------- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2008-06-04 14:46 . 2008-06-04 14:46 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-06-04 14:46 . 2008-06-04 14:46 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-06-04 14:46 . 2008-06-04 14:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 14:46 . 2008-05-30 01:06 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-04 14:46 . 2008-05-30 01:06 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-01 11:34 . 2008-06-01 19:04 <DIR> d-------- C:\HJT
2008-05-28 12:29 . 2008-05-28 12:29 <DIR> d-------- C:\Users\Kyle\AppData\Roaming\Webroot
2008-05-28 12:29 . 2008-05-28 12:29 <DIR> d-------- C:\Users\All Users\Webroot
2008-05-28 12:29 . 2008-05-28 12:29 <DIR> d-------- C:\ProgramData\Webroot
2008-05-28 12:29 . 2008-05-28 12:29 <DIR> d-------- C:\Program Files\Webroot
2008-05-28 12:29 . 2007-10-01 16:40 1,526,072 --a------ C:\Windows\WRSetup.dll
2008-05-28 12:29 . 2007-10-01 16:24 163,640 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-05-28 12:29 . 2007-10-01 16:24 23,864 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-05-28 12:29 . 2007-10-01 16:24 21,816 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-05-28 12:29 . 2007-10-01 16:24 20,280 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-05-25 01:53 . 2008-05-25 01:59 <DIR> d--hs---- C:\Users\Kyle\!
2008-05-25 01:53 . 2008-05-25 01:53 502 --a------ C:\Users\Kyle\858.bat
2008-05-25 01:52 . 2008-05-25 01:52 <DIR> d-------- C:\Windows\System32\vntiho05
2008-05-25 01:52 . 2008-06-05 15:08 <DIR> d-------- C:\Temp
2008-05-22 02:14 . 2008-05-22 02:14 <DIR> d-------- C:\Users\Kyle\AppData\Roaming\GTek
2008-05-22 02:14 . 2008-05-22 02:14 <DIR> d-------- C:\Users\All Users\Gtek
2008-05-22 02:14 . 2008-05-22 02:14 <DIR> d-------- C:\ProgramData\Gtek
2008-05-21 01:48 . 2008-05-21 14:26 32,768 --a------ C:\Windows\System32\Ikeext.etl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 15:20 --------- d-----w C:\Users\Kyle\AppData\Roaming\AVG7
2008-06-01 20:43 --------- d-----w C:\ProgramData\hide cool shim link
2008-06-01 20:43 --------- d-----w C:\ProgramData\Dash start link
2008-05-28 17:17 --------- d-----w C:\ProgramData\avg7
2008-05-26 07:35 --------- d-----w C:\Program Files\LimeWire
2008-05-26 05:46 --------- d-----w C:\Users\Kyle\AppData\Roaming\LimeWire
2008-05-22 07:53 --------- d-----w C:\Program Files\BitDownload
2008-05-18 09:06 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-18 09:06 --------- d-----w C:\Program Files\Windows Mail
2008-04-13 02:18 --------- d-----w C:\ProgramData\WildTangent
2008-04-06 03:07 --------- d-----w C:\Users\Kyle\AppData\Roaming\PeerNetworking
2007-09-27 09:34 174 --sha-w C:\Program Files\desktop.ini
2007-09-23 04:34 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 11:25 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 16:23 1773568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-03 18:40 171448]
"Bits Bat"="C:\ProgramData\Vc Show Show.2mdpg9" [ ]
"SHIM LINK FREE BALL"="C:\ProgramData\dumb does ford.cunppy6" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:36 201728]
"cmds"="rundll32.exe" [2006-11-02 03:45 44544 C:\Windows\System32\rundll32.exe]
"BM1f9409a9"="Rundll32.exe" [2006-11-02 03:45 44544 C:\Windows\System32\rundll32.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-27 03:17 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 21:36 827392]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-01-30 17:40 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-01-30 17:40 151552]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-01-30 17:40 126976]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 18:45 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 12:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 14:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 17:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-07-03 07:42 77824]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-23 13:47 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-03 18:40 185896]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-05-30 01:06 1183352]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 18:39 44128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-23 13:48 219136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40 719664]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-07-03 07:21:58 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-23 13:48 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B5D7E774-F584-4CDE-B627-992D819ED7EB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{86DDB4F6-755E-4A4D-A949-DE8FDBA53D3C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4E15F000-820D-4314-867E-7BEE40C0C83F}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{E9F11BE8-CF8A-4D46-9865-77EB6B3BD9D7}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A57C0E17-73C7-4701-A525-F2125E91C3B6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EDCFDE1D-D42B-4AF7-97DE-6FF85D397348}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2510AE9B-5618-4FA7-B9FE-3A2060264E42}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3769946F-2167-4B18-AB4A-9D05A6845074}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C024F1FC-2A3B-4852-88E7-AF75F63C9D8C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{07E47BA4-E844-4B87-A8ED-C1628F8791EE}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1CC2BDE9-83FA-4B99-9866-0C9CD3DEA5DB}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{336906D3-5CE7-4E2C-9A62-0264F30FED58}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9813725D-16FC-4AC4-BA3E-F7A48EEA367C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{176DD2A9-B4EC-4431-8398-177CC7CB4FDD}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C9AEEFBB-3F0B-4E25-B8B3-D0CFE4A800BE}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C9E93CAF-3210-4A0B-A48C-43FFF552817D}C:\\program files\\bitdownload\\bitdownload.exe"= UDP:C:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{23D87703-1A9A-418A-A0D9-EF094A339755}C:\\program files\\bitdownload\\bitdownload.exe"= TCP:C:\program files\bitdownload\bitdownload.exe:BitDownload
"TCP Query User{F2FBA8F4-EAF0-4D61-854C-42FFAFFB0FF8}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F86D0448-3EF1-431A-A233-D2C425CE881F}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071116.001\IDSvix86.sys [2007-11-06 10:07]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-27 18:44]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-20 17:17]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-01-30 18:35]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 22:32]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 01:30]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 04:45]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 04:45]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 04:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1801f39c-27d0-11dd-80c5-001a6b85fc72}]
\shell\AutoRun\command - F:\LinksysConnectPC.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7be8090-69f7-11dc-a7af-806e6f6e6963}]
\shell\AutoRun\command - E:\install.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 21:07:49 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-23 17:49:25 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Kyle.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-05 15:13:50
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-05 15:17:44
ComboFix-quarantined-files.txt 2008-06-05 21:17:32
Pre-Run: 96,700,686,336 bytes free
Post-Run: 96,987,430,912 bytes free
190 --- E O F --- 2008-06-05 09:06:00
And the
HiJackThis log as well:
Logfile of HijackThis v1.99.1
Scan saved at 3:58:57 PM, on 6/5/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Bits Bat] "C:\ProgramData\Vc Show Show.2mdpg9"
O4 - HKCU\..\Run: [SHIM LINK FREE BALL] "C:\ProgramData\dumb does ford.cunppy6"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {EFFF96BF-7DA7-4646-BE34-9624B0C1475E} (Zeus Learning::. Complex Application Distribution System Control (CADS)) -
http://www.keyboardi...ponent/cads.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
And the log supplied by
MalwareByte:
Malwarebytes' Anti-Malware 1.14
Database version: 826
9:01:04 AM 6/5/2008
mbam-log-6-5-2008 (09-01-04).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 182978
Time elapsed: 2 hour(s), 31 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1ca73a35 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1f9409a9 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Kyle\AppData\Local\Temp\qoMcbxUm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\msconfig.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Users\Kyle\winlogon.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQPDCXAK\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R7YIVJBO\kb713501[1] (Trojan.LowZones) -> Delete on reboot.
C:\Users\Kyle\AppData\Local\Temp\hippqqkm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\hlawtrwj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\isnshpmh.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\llvqwyyh.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\rdmyglbq.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tlsnfkwb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp00025e74 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp00038d6f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp00039201 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp000397db (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp0003f305 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp0003ffb2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp0004ad3f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp0004bf0a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp0005f20b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp0008ba97 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp000a8719 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp001771a6 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\tmp008220cb (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\qoMfdebY.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Kyle\AppData\Local\Temp\fvcpnaio.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Kyle\AppData\Local\Temp\dgpxuquo.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\autorun.inf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Thank you for your time; please let me know if there's anything more I can do for this poor machine. =)
EDIT: The ads have stopped, and it seems to be running a lot smoother. Thanks so much for the help. =)
- Mattacon
Edited by Mattacon, 05 June 2008 - 05:32 PM.