Hupigon3.mrb in Wab64.dll
I have the same annoying virus. It doesn't seem to do anything yet, but I don't want to wait for the trigger. Here's a ComboFix and HijackThis log.
ComboFix 07-11-19.4C - Owner 2007-11-29 2:15:08.1 -
FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.621 [GMT -8:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin10.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin11.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin12.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin13.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin14.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin15.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin16.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin17.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin18.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin19.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin20.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin21.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip
C:\WINDOWS\cnsinfo.dat
C:\WINDOWS\Downloaded Program Files\Update
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CNSMINKP
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-28 09:01 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-28 09:01 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-28 09:01 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-28 09:01 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-28 08:38 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-28 08:35 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-28 08:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
2007-11-28 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-27 23:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-26 01:34 <DIR> d-------- C:\Program Files\Eidos Interactive
2007-11-26 00:57 496,535,411 --a------ C:\Hitman 2 Silent Assassin (PC GAME FULL).exe
2007-11-25 20:48 <DIR> d-------- C:\Step.Up[2006]DvDrip[Eng]-aXXo
2007-11-25 16:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-11-25 16:57 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-24 17:34 <DIR> d-------- C:\Shes.The.Man.DVDRip.XviD-ANTH
2007-11-24 00:37 <DIR> d-------- C:\Movies
2007-11-22 20:15 <DIR> d-------- C:\Desperate Housewives
2007-11-20 19:45 <DIR> d-------- C:\Paul Anka.21 Golden Hits[P]1963(Pugz.128k.mp3)
2007-11-18 20:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\X10 Commander
2007-11-16 15:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ATI MMC
2007-11-16 10:12 <DIR> d-------- C:\AeriaGames
2007-11-10 02:25 <DIR> d-------- C:\Jay-Z-American_Gangster-Retail-2007-CR
2007-11-09 00:51 <DIR> d-------- C:\The Tony Rich Project - Pictures [2006] [R&B] [www.file24ever.com]
2007-11-07 15:33 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2007-11-07 15:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-07 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-11-07 15:14 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2007-11-07 15:12 <DIR> d-------- C:\Program Files\ATI Multimedia
2007-11-07 15:12 257,872 --------- C:\WINDOWS\system32\drivers\atirwvd.sys
2007-11-07 15:12 9,091 --------- C:\WINDOWS\system32\drivers\atirwrf.sys
2007-11-07 15:11 <DIR> d-------- C:\Program Files\msaccrt
2007-11-07 15:10 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-11-07 15:10 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-07 15:10 <DIR> d-------- C:\Program Files\Windows Media Components
2007-11-07 15:09 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2007-11-07 15:09 <DIR> d-------- C:\Program Files\Common Files\ATI
2007-11-02 10:22 <DIR> dr------- C:\UDC Output Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 10:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-10-23 10:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-23 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-23 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-23 10:21 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-23 10:01 --------- d-----w C:\Program Files\THQ
2007-10-20 18:19 30,363,648 ----a-w C:\Documents and Settings\Owner\Main.dat
2007-10-20 12:50 --------- d-----w C:\Program Files\BPK
2007-10-20 07:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\ATI
2007-10-20 07:01 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-10-20 02:17 --------- d-----w C:\Program Files\Steam
2007-10-20 02:00 --------- d-----w C:\Program Files\ATI Technologies
2007-10-19 04:47 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-10-17 07:04 --------- d-----w C:\Program Files\Boris FX, Inc
2007-10-15 09:43 --------- d-----w C:\Program Files\Morgan
2007-10-15 01:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Publish Providers
2007-10-15 01:40 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-10-15 01:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony
2007-10-15 01:33 --------- d-----w C:\Program Files\Vstplugins
2007-10-15 01:33 --------- d-----w C:\Program Files\Sony
2007-10-15 01:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-10-15 01:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Setup
2007-10-15 01:13 --------- d-----w C:\Program Files\Sony Setup
2007-10-13 08:47 --------- d-----w C:\Program Files\Jetico
2007-10-11 06:10 --------- d-----w C:\Program Files\PQDVD
2007-10-07 03:04 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
2007-10-07 03:04 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
2007-10-06 10:30 --------- d-----w C:\Program Files\PowerISO
2007-10-06 10:26 --------- d-----w C:\Program Files\MagicDisc
2007-08-31 07:45 411,956 ----a-w C:\WINDOWS\SAAB_1.scr
2007-08-31 07:45 2,541,631 ----a-w C:\WINDOWS\SAAB_1.exe
2007-08-29 10:27 253,952 ----a-w C:\WINDOWS\BCUnInstall.exe
2002-11-18 14:26 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-10-24 16:29 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-10-24 16:28 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2002-10-24 16:02 225,280 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2001-08-04 02:29 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 11:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 11:51]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 02:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 17:05]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-28 08:38]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 02:51]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-10-06 02:26:02]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Smart Wizard Wireless Settings.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk
backup=C:\WINDOWS\pss\Smart Wizard Wireless Settings.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk
backup=C:\WINDOWS\pss\Wireless Configuration Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=C:\WINDOWS\pss\Folding@Home 5.03.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GpsGate.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GpsGate.lnk
backup=C:\WINDOWS\pss\GpsGate.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\802.11 WLAN\ACU.exe -nogui
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
2004-06-15 22:17 69705 --a------ C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
2004-06-15 22:22 106571 --a------ C:\Program Files\ATI Multimedia\main\launchpd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
2004-04-16 06:43 196608 --a------ C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-07-10 21:10 339968 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
C:\Program Files\Jetico\BCWipe\BCWipeTM.exe startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
C:\WINDOWS\system32\BMUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-09 20:29 49152 --------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-24 17:22 1916928 --------- C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2002-11-18 06:17 94208 --a------ C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\peakinternet]
2006-10-20 00:41 417792 --a------ C:\Program Files\BPK\peakinternet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\Ringz Studio\Storm Codec\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealPlayer\realplay.exe /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 04:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SM_ml1600_FUService"=3 (0x3)
"SavRoam"=3 (0x3)
"P4P Service"=2 (0x2)
"IDriverT"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"CiSvc"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"wscsvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"aswUpdSv"=2 (0x2)
"ACS"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"x10nets"=3 (0x3)
"SQLAgent$SONY_MEDIAMGR"=3 (0x3)
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 AR5523;802.11 WLAN USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys
S2 NetCM;Network Connection Manager;C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe
S3 ATHFMWDL;WLAN USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\H:\INSTAL~E\Core\BVRPMPR5.SYS
S3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
S3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys
S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys
S4 SM_ml1600_FUService;ML-2010 Status Monitor Service;"C:\Program Files\Samsung ML-2010 Series\CommonSM\ssmsrvc /Service
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 02:21:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-29 2:22:38 - machine was rebooted
.
--- E O F ---
HIJACK THIS! -------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:27, on 2007-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1196269234718
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B80F3B7-AAFF-42E9-B2C4-26FB8C866663}: NameServer = 192.168.0.1,192.168.0.100
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
--
End of file - 4636 bytes