Tech Support Guy banner
Discussion Starter · #1 ·
Hello, well I seem to be getting capped on my internet very quickly when I don't download the amount I am allowed.
I have a lot of viruses, but they are hard to remove.

I have 6 svchost.exe in my Task Manager processes list, and 1 of them, named Windows Management Instrumentation, is Mem Usage: 21,xxx K sometimes, but always more Mem Usage than explorer.exe.
When I try to end process it with Task Manager, it says access denied, so I use Security Task Manager to end process it, and it works, but it re-opens after some time.

When I turn my computer on and go to Task Manager, there is an update.exe opening/closing, re-opening/re-closing.
When I end process it with Task Manager, it says access denied, so I use Security Task Manager to end process it, and it works, but when I restart/shutdown and turn it back on, it's back again. (Also, when trying to close this, I have to end process explorer.exe for it to stay off, but then I can re-open explorer.exe.)

I have many viruses, some are:
WIN32_TROJANDOWNLOADER_CONHOOK
PRORAT
BookedSpace
and many many more.
Could anyone help me get rid of some/all?

Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:57 PM, on 21/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

And the ComboFix log:

Administrator - 06-12-21 23:01:42.28 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\WINDOWS\MCROSO~1
C:\qoobox\purity\WINDOWS\MCROSO~1\MCROSO~1

((((((((((((((((((((((((((((((( Files Created from 2006-11-21 to 2006-12-21 ))))))))))))))))))))))))))))))))))

2006-12-21 20:43 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2006-12-21 19:08 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-12-20 22:51 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-12-20 19:31 d-------- C:\Documents and Settings\Administrator\Application Data\FFSJ
2006-12-19 18:09 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2006-12-19 18:09 77,312 --a------ C:\WINDOWS\system32\msiexec.exe
2006-12-19 18:09 44,032 --a------ C:\WINDOWS\system32\msisip.dll
2006-12-19 18:09 331,264 --a------ C:\WINDOWS\system32\msihnd.dll
2006-12-19 18:09 2,804,224 --a------ C:\WINDOWS\system32\msi.dll
2006-12-19 18:08 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-19 18:08 d--h----- C:\WINDOWS\$hf_mig$
2006-12-19 18:08 d-------- C:\WINDOWS\system32\PreInstall
2006-12-18 17:19 d-------- C:\Program Files\kesus
2006-12-18 17:19 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2006-12-18 09:04 d-------- C:\Program Files\Telstra
2006-12-18 09:04 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-17 10:39 d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-12-16 22:19 d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2006-12-16 22:19 d-------- C:\Documents and Settings\Administrator\.thumbnails
2006-12-16 22:10 d-------- C:\Documents and Settings\Administrator\.gimp-2.2
2006-12-16 22:09 d-------- C:\Program Files\GIMP-2.0
2006-12-16 22:07 d-------- C:\Program Files\Common Files\GTK
2006-12-16 21:13 d-------- C:\Program Files\MSN Messenger
2006-12-16 20:58 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2006-12-16 20:57 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2006-12-16 15:16 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-12-16 13:38 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2006-12-16 13:16 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-12-16 00:53 d-------- C:\Program Files\Common Files\xing shared
2006-12-09 14:21 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-12-09 14:21 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-12-09 14:21 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-12-09 14:21 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-12-09 14:21 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-12-09 14:21 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-12-09 14:21 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-12-09 14:20 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-12-09 14:20 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-12-09 14:20 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-12-09 14:20 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-12-09 14:20 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-12-09 14:20 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-12-09 14:20 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-09 14:20 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-12-09 14:20 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-12-09 14:20 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-12-09 14:20 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-12-09 14:20 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-12-09 14:20 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-12-09 14:20 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-12-07 21:43 d-------- C:\Documents and Settings\All Users\Desktop
2006-12-05 17:22 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-05 17:22 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-05 17:22 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-05 17:22 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-05 17:22 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-05 17:22 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-03 18:44 d-------- C:\Program Files\themexp
2006-12-03 18:32 441 --a------ C:\bootbak.bat
2006-12-03 17:51 d-------- C:\Program Files\Stardock
2006-12-03 03:22 699,674 --a------ C:\WINDOWS\unins000.exe
2006-12-03 03:22 d-------- C:\WINDOWS\system32\FFSJ
2006-12-02 17:06 d-------- C:\Downloads
2006-12-02 16:37 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-12-02 15:51 d-------- C:\Program Files\Common Files\Thraex Software
2006-12-02 03:15 514,560 --a------ C:\WINDOWS\system32\logonui22.exe
2006-12-02 02:42 3,569,664 --a------ C:\WINDOWS\system32\kakashi.exe
2006-12-02 02:36 514,560 --a------ C:\WINDOWS\system32\logonui2.exe
2006-12-02 02:36 514,560 --a------ C:\WINDOWS\system32\logonui.exe
2006-12-02 01:40 3,734,016 --a------ C:\WINDOWS\system32\1logonui.exe
2006-12-01 08:44 d-------- C:\Program Files\SpeedOptimizer
2006-11-27 19:20 205,312 --a------ C:\WINDOWS\system\Patchw32.dll
2006-11-27 19:04 184,320 --a------ C:\WINDOWS\system\COMDLG32.DLL
2006-11-26 21:04 d-------- C:\Documents and Settings\All Users\Application Data\NFS Underground
2006-11-26 20:36 d-------- C:\Program Files\Common Files\DirectX
2006-11-26 20:29 d-------- C:\Program Files\EA GAMES
2006-11-26 17:48 d-------- C:\Program Files\mslovr
2006-11-25 15:51 d-------- C:\Program Files\UZUMAKI
2006-11-25 15:21 d--h----- C:\Documents and Settings\All Users\Templates
2006-11-25 15:21 d-------- C:\Program Files\Symantec
2006-11-24 20:21 d-------- C:\Program Files\Audacity

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-21 22:47 -------- d-------- C:\Program Files\Hijackthis
2006-12-21 22:42 -------- d-------- C:\Program Files\INAC
2006-12-21 20:41 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-12-21 20:23 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-20 22:59 -------- dr------- C:\Program Files\Windows Media Player
2006-12-19 10:13 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-12-19 10:13 -------- d-------- C:\Program Files\BitComet
2006-12-18 09:04 -------- dr------- C:\Program Files\Common Files
2006-12-17 21:01 -------- d-------- C:\Program Files\Java
2006-12-16 12:54 -------- d-------- C:\Program Files\Online Services
2006-12-16 00:53 -------- d-------- C:\Program Files\Common Files\Real
2006-12-15 23:27 -------- dr------- C:\Program Files\Common Files\Microsoft Shared
2006-12-12 21:28 -------- d-------- C:\Program Files\Nexon
2006-12-12 18:21 -------- d-------- C:\Program Files\MAIET
2006-12-09 14:21 -------- d-------- C:\Program Files\Windows NT
2006-12-06 20:54 -------- d-------- C:\Program Files\FlashGet
2006-12-02 15:36 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-02 15:36 -------- d-------- C:\Program Files\QuickTime
2006-11-26 20:36 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-26 17:58 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-21 09:16 -------- d-------- C:\Program Files\Grisoft
2006-11-19 11:49 -------- d-------- C:\Program Files\DAEMON Tools
2006-11-19 10:57 -------- d-------- C:\Program Files\Security Task Manager
2006-11-18 10:10 -------- d-------- C:\Program Files\Real
2006-11-18 10:09 -------- d-------- C:\Program Files\Creative
2006-11-18 10:08 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-18 10:06 -------- d-------- C:\Program Files\Adobe
2006-11-18 10:05 -------- d-------- C:\Program Files\Yahoo!
2006-11-18 10:05 -------- d-------- C:\Program Files\InterActual
2006-11-18 10:05 -------- d-------- C:\Program Files\Easy DVD Maker
2006-11-18 10:05 -------- d-------- C:\Program Files\DVD Burning Xpress
2006-11-18 10:05 -------- d-------- C:\Program Files\DivX
2006-11-18 10:05 -------- d-------- C:\Program Files\AIM95
2006-11-18 10:04 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-11-18 10:04 -------- d-------- C:\Program Files\BearFlix
2006-11-18 10:03 -------- d-------- C:\Program Files\NO
2006-11-18 10:03 -------- d-------- C:\Program Files\FLVPlayer
2006-11-18 10:03 -------- d-------- C:\Program Files\Common Files\Java
2006-11-18 10:02 -------- d-------- C:\Program Files\gHEYIPOD
2006-11-18 10:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-18 10:01 -------- d-------- C:\Program Files\Nokia
2006-11-18 10:01 -------- d-------- C:\Program Files\Dachshund Software
2006-11-18 10:01 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-18 10:00 -------- d-------- C:\Program Files\WIZET
2006-11-18 10:00 -------- d-------- C:\Program Files\Seaaa
2006-11-18 10:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-18 09:58 -------- d-------- C:\Program Files\DVD Shrink
2006-11-18 09:58 -------- d-------- C:\Program Files\Analog Devices
2006-11-18 09:57 -------- d-------- C:\Program Files\iPodsdsds
2006-11-18 01:07 -------- d-------- C:\Program Files\Ahead
2006-10-27 18:53 18610 --a------ C:\WINDOWS\system32\ddes361.dll
2006-10-27 18:34 18610 --a------ C:\WINDOWS\system32\kbdrdu.dll
2006-10-27 18:28 25600 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-27 18:28 25600 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-10-24 15:10 3082 --a------ C:\WINDOWS\system32\affv9869p2now.sys
2006-10-23 20:42 397312 --a------ C:\WINDOWS\NGLFunc.dll
2006-10-21 00:58 -------- d-------- C:\Program Files\BearShare Applications
2006-10-19 12:04 823296 --a------ C:\WINDOWS\nmconew.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BigPondCable"="\"C:\\Program Files\\Telstra\\Cable Login\\bpcable.exe\" /r"
"WMC_AutoUpdate"=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,3e,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Uret"="\"C:\\WINDOWS\\MCROSO~1\\arpa.exe\" -vt yazr"
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Uret"="\"C:\\WINDOWS\\MCROSO~1\\arpa.exe\" -vt yazr"
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LIMEWI~1\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigPondCable]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bpcable"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Telstra\\Cable Login\\bpcable.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAP"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1154745383\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxHome]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAGUI"
"hkey"="HKLM"
"command"="C:\\Program Files\\Prevx Home2\\SAGUI.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarmPa\\zlclient.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido anti-spyware 4.0 guard"=dword:00000002
"AVGEMS"=dword:00000002
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002
"MDM"=dword:00000002
"SVCHOST"=dword:00000002
"NBService"=dword:00000003
"iPodService"=dword:00000003
"Adobe LM Service"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

Completion time: 06-12-21 23:05:29.67
C:\ComboFix.txt ... 06-12-21 23:05

I have an account called All Users, but so does everyone else.
Well, there is another account called Blake Thomas, and when I was on it, I tried to go on admin, but it said access denied, but one day I was on Blake Thomas, I restarted and then I was on Administrator, and I tried to go back on Blake Thomas, and now that is access denied.
Here's some pics:

Well, I checked in User Accounts and there isn't a Blake Thomas, only admin and guest.

Though, there is a C:\Documents and Settings\Blake Thomas

Also, when I turn my computer on and open a program that plays music and/or videos like iTunes, VLC player, etc.,
I can listen to music, but after a while my sound device driver is uninstalled.
Like for a little amount of time, if I open up a program then leave it for a while, I can listen to music while the sound device driver is uninstalled, but once I close the application and re-open, no sound.
I use SoundMAX and this is obviously a virus.
While sound is working, in Sound and Audio Devices Properties, Volume/Sounds/Audio is all filled in with SoundMAX, but once it stops working because of the virus, it says No Playback devices.
I also checked in Device Manager, and SoundMAX Integrated Digital Audio is still installed while my sound isn't working.
And also, I went to Volume Control while the sound wasn't working, and it said the following:
There are no active mixer devices available. To install mixer devices, go to Control Panel, click printers and Other Hardware, and then click Add Hardware.

This program will now close.
OK

Well, once I restart because the sound isn't working, it starts working again for a little bit, then a virus or something uninstalls it again.
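An added triage helper for the "Reg Loading Points" section of the ComboFix log posted above (example code written for this page, not code from ComboFix, HijackThis or the poster). It parses the regedit-style Run keys and flags the two things a malware-removal helper would check first in this log: a directory name that merely imitates a trusted one (the MCROSO~1 entry, compared against the first six characters of "Microsoft" because that is how Windows forms 8.3 short names) and Run values under the .default and S-1-5-18 hives, which launch for the SYSTEM account rather than a logged-on user. The sample log is constructed from the post's own entries; the trusted-directory list and the edit-distance threshold are assumptions.

```python
"""Triage of the "Reg Loading Points" section of a ComboFix log (added
example, not code from ComboFix, HijackThis or the original poster)."""
import re

# Constructed sample in the same format as the log above (two Run sections).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"WMC_AutoUpdate"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Uret"="\"C:\\WINDOWS\\MCROSO~1\\arpa.exe\" -vt yazr"
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"""

# Directory names an autorun command is expected to pass through (assumption).
TRUSTED_DIRS = ("microsoft", "windows", "system32", "system",
                "program files", "common files")
# Run keys in these hives fire for the SYSTEM account, not a logged-on user.
SYSTEM_HIVES = ("hkey_users\\.default", "hkey_users\\s-1-5-18")

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
EXE_RE = re.compile(r'^"?([^"]+?\.exe)"?', re.IGNORECASE)

def iter_run_values(log_text):
    """Yield (section, value name, command) for every value in a ...\\Run key."""
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and section and section.lower().endswith("\\run"):
            # undo regedit escaping: \\ -> \ and \" -> "
            yield section, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))

def exe_path(command):
    """Return the executable at the front of a Run command, or None if empty."""
    m = EXE_RE.match(command)
    return m.group(1) if m else None

def edit_distance(a, b):
    """Levenshtein distance, used for the look-alike directory check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_dir(component):
    """Return the trusted name a directory component imitates, or None.
    8.3 short names (MICROS~1) are compared with the trusted name's first six chars."""
    name = component.lower()
    m = re.fullmatch(r"(.+)~\d+", name)
    name = m.group(1) if m else name
    refs = {t: (t.replace(" ", "")[:6] if m else t) for t in TRUSTED_DIRS}
    if name in refs.values():  # exact match: nothing to report
        return None
    for trusted, ref in refs.items():
        if edit_distance(name, ref) <= 2:
            return trusted
    return None

def triage(log_text):
    """Return [(value name, exe path, [reasons])] for suspicious Run entries."""
    findings = []
    for section, name, command in iter_run_values(log_text):
        exe = exe_path(command)
        if not exe:
            continue
        reasons = []
        for comp in exe.split("\\")[1:-1]:  # directories between drive and file
            hit = lookalike_dir(comp)
            if hit:
                reasons.append(f"directory {comp} imitates {hit}")
        in_sys32 = exe.lower().startswith("c:\\windows\\system32\\")
        if section.lower().startswith(SYSTEM_HIVES) and not in_sys32:
            reasons.append(f"runs for the SYSTEM account via {section}")
        if reasons:
            findings.append((name, exe, reasons))
    return findings
```

Running `triage` over the real log would report the Uret value twice (once per hive), which matches the MCROSO~1 folder ComboFix's Purity step quarantined.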