10-03-2007, 12:27 AM   #1
krp312
Registered User
 
Join Date: Oct 2007
Posts: 12
OS: xp sp2


backdoor.hupigon, comp slowdown, broken Firefox

Hey,

Info:
- Comp is much slower.
- Internet is much slower.
- Clicking on a site from a Google search takes me to a completely different site (usually asking me to buy something). It occurs with Firefox often, and sometimes with IE6.
- AVG detected something like "trojan.backdoor.hupigon" but couldn't remove it.
- Later, scanned with Ad-Aware '07, Windows Defender, SpyCatcher, and Spybot. Spybot detected spyware. It removed what it found, but the comp still suffers from the same symptoms.

I'm inexperienced with malware, but I've gone down the road of using Google for help. Sites would point to registry entries for hupigon, but I didn't have them. I'm not sure what the problem is and any help is greatly appreciated.

Here's the HijackThis log, and the extra.txt file is attached.


Deckard's System Scanner v20070905.67
Run by ryan on 2007-10-03 02:10:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2007-10-03 06:10:45 UTC - RP227 - Deckard's System Scanner Restore Point
10: 2007-10-02 06:45:23 UTC - RP226 - System Checkpoint
9: 2007-09-30 14:33:08 UTC - RP225 - System Checkpoint
8: 2007-09-29 14:18:27 UTC - RP224 - Installed Top Spin 2.
7: 2007-09-29 14:18:08 UTC - RP223 - Installed DirectX


-- First Restore Point --
1: 2007-09-27 11:35:22 UTC - RP217 - Installed Virtua Tennis 3


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ryan.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:12:28 AM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\nvtemplogger.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\allSnap\allSnap.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\xmplay34\xmplay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\ryan\Desktop\dss.exe
C:\DOCUME~1\ryan\STARTM~1\Programs\ryan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - Startup: allSnap.lnk = C:\Program Files\allSnap\allSnap.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Shortcut to xmplay.exe.lnk = C:\xmplay34\xmplay.exe
O4 - Global Startup: nvtemplogger.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8A980E-4837-41E0-B5A1-BDE56CDF7711}: NameServer = 85.255.113.141,85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{36BF306B-97D5-4F0A-93D0-F811D75521EE}: NameServer = 85.255.113.141,85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{477EA422-D9E6-4368-8567-28E1D5FF01CA}: NameServer = 85.255.113.141,85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{869117BB-73C1-4B64-86EC-EE9334021664}: NameServer = 85.255.113.141,85.255.112.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F8A980E-4837-41E0-B5A1-BDE56CDF7711}: NameServer = 85.255.113.141,85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 ASFWHide - c:\docume~1\ryan\locals~1\temp\asfwhide (file missing)
S3 M3AD (Motorola Messenger Modem Audio Device) - c:\windows\system32\drivers\m3aux.sys (file missing)
S3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)
S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1543&DEV_3155&SUBSYS_10431335&REV_1007\4&241E9611&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1543&DEV_3155&SUBSYS_10431335&REV_1007\4&241E9611&0&0101
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_11F51043&REV_01\4&276B2DFF&0&00E2
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_11F51043&REV_01\4&276B2DFF&0&00E2
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2007-09-29 19:29:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-03 and 2007-10-03 -----------------------------

2007-09-29 14:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
2007-09-28 19:10:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-28 19:07:44 40960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-09-28 19:07:43 0 d-------- C:\Program Files\SpyCatcher
2007-09-28 10:45:50 0 d-------- C:\Documents and Settings\ryan\Application Data\Tenebril
2007-09-28 10:42:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-09-28 10:42:33 0 d-------- C:\WINDOWS\system32\tenarchlib
2007-09-28 10:42:33 180224 --a-s---- C:\WINDOWS\system32\archlib.dll <Not Verified; Tenebril Incorporated; Tenebril architecture technology>
2007-09-28 10:38:25 0 d-------- C:\Documents and Settings\ryan\Application Data\GetRightToGo
2007-09-28 09:27:39 0 d-------- C:\WINDOWS\CSC
2007-09-28 08:20:13 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-09-25 09:35:58 0 d-------- C:\Documents and Settings\ryan\Application Data\WinRAR
2007-09-22 20:39:12 0 d-------- C:\Program Files\iPod
2007-09-22 20:39:05 0 d-------- C:\Program Files\iTunes
2007-09-05 16:48:34 0 d-------- C:\Program Files\Calgoo


-- Find3M Report ---------------------------------------------------------------

2007-10-02 21:00:13 718 --a------ C:\Documents and Settings\ryan\Application Data\AtomicAlarmClock.ini
2007-10-02 15:44:28 0 d-------- C:\Documents and Settings\ryan\Application Data\uTorrent
2007-09-29 21:45:00 1035 --a------ C:\Documents and Settings\ryan\Application Data\alarms.ini
2007-09-28 21:53:43 0 d--h----- C:\Documents and Settings\ryan\Application Data\Move Networks
2007-09-28 19:30:37 0 d-------- C:\Documents and Settings\ryan\Application Data\AVG7
2007-09-28 08:19:56 0 d-------- C:\Program Files\Common Files
2007-09-27 07:35:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-26 11:03:11 1467 --a------ C:\WINDOWS\mozver.dat
2007-09-26 11:02:58 0 d-------- C:\Program Files\Java
2007-09-24 00:56:55 0 d-------- C:\Documents and Settings\ryan\Application Data\gtk-2.0
2007-09-23 22:44:04 0 d-------- C:\Documents and Settings\ryan\Application Data\dvdcss
2007-09-14 22:50:34 0 d-------- C:\Program Files\Apple Software Update
2007-09-03 22:01:49 0 d-------- C:\Program Files\FlashFXP
2007-08-30 22:21:12 0 d-------- C:\Documents and Settings\ryan\Application Data\Adobe
2007-08-29 01:27:12 0 d-------- C:\Documents and Settings\ryan\Application Data\LimeWire
2007-08-28 23:46:04 0 d-------- C:\Documents and Settings\ryan\Application Data\Help
2007-08-28 23:45:52 0 d-------- C:\Program Files\PBsoft
2007-08-23 19:50:45 0 d-------- C:\Documents and Settings\ryan\Application Data\Skype
2007-08-09 23:27:43 0 d-------- C:\Program Files\XBCD
2007-07-31 22:05:39 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-07-31 22:05:39 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-07-12 06:12:46 167424 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-12 05:52:46 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [08/23/2006 07:22 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2006 05:58 AM]
"nwiz"="nwiz.exe" [07/20/2006 05:58 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/20/2006 05:58 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/20/2005 11:26 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [08/02/2006 12:38 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/02/2006 12:32 AM]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [05/16/2006 04:29 PM]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [03/14/2006 05:46 PM]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [05/30/2006 10:28 AM]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [01/02/2006 07:14 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/14/2007 02:45 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/12/2006 06:48 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"RegistryMechanic"="" []
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [07/09/2007 10:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [03/23/2007 05:29 PM]
"Aim6"="" []

C:\Documents and Settings\ryan\Start Menu\Programs\Startup\
allSnap.lnk - C:\Program Files\allSnap\allSnap.exe [3/19/2004 11:02:14 PM]
Scheduler.lnk - C:\Program Files\SpyCatcher\Scheduler daemon.exe [9/28/2007 7:07:45 PM]
Shortcut to xmplay.exe.lnk - C:\xmplay34\xmplay.exe [7/12/2007 6:37:30 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
nvtemplogger.lnk - C:\nvtemplogger.exe [3/27/2007 11:08:54 AM]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [9/28/2007 7:07:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdgna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
C:\Program Files\Wireless Console 2\wcourier.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29676d98-fa11-11db-a629-0018de048cb5}]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87a67940-ec4e-11db-a5f3-0018de048cb5}]
AutoRun\command- G:\wd_windows_tools\setup.exe




-- End of Deckard's System Scanner: finished at 2007-10-03 02:13:01 ------------
Attached Files
File Type: txt extra.txt (29.3 KB, 0 views)

Last edited by krp312; 10-03-2007 at 12:50 AM.