Thread: backdoor.hupigon, comp slowdown, broken Firefox
View Single Post
Old 10-03-2007, 10:41 PM   #6 (permalink)
krp312
Registered User
 
Join Date: Oct 2007
Posts: 12
OS: xp sp2


Re: backdoor.hupigon, comp slowdown, broken Firefox
Things to note:
- Submitted the .zip file
- Didn't find Viewpoint in add/remove programs
- Kaspersky detected a virus and infected files but didn't clean anything up. Its log is attached as kas_log.rar since .html's aren't allowed here.

Once again, your help is VERY MUCH appreciated!

-kris


=========
combofix log
=========

ComboFix 07-10-04.4 - ryan 2007-10-03 22:28:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1483 [GMT -4:00]
Running from: C:\Documents and Settings\ryan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ryan\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-03 21:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 02:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-03 02:10 <DIR> d-------- C:\Deckard
2007-09-29 17:19 49,536 --a------ C:\WINDOWS\system32\drivers\a7xpr1bn.sys
2007-09-29 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
2007-09-28 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-28 19:07 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-09-28 19:07 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2007-09-28 19:07 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2007-09-28 19:07 <DIR> d-------- C:\Program Files\SpyCatcher
2007-09-28 10:45 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Tenebril
2007-09-28 10:42 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-09-28 10:42 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-09-28 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-09-28 10:38 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\GetRightToGo
2007-09-28 08:20 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-25 09:35 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\WinRAR
2007-09-23 19:40 49,536 --a------ C:\WINDOWS\system32\drivers\avb5xsaw.sys
2007-09-23 15:02 49,536 --a------ C:\WINDOWS\system32\drivers\au0orxx9.sys
2007-09-22 20:39 <DIR> d-------- C:\Program Files\iTunes
2007-09-22 20:39 <DIR> d-------- C:\Program Files\iPod
2007-09-05 16:48 <DIR> d-------- C:\Program Files\Calgoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 15:44 --------- d-------- C:\Documents and Settings\ryan\Application Data\uTorrent
2007-09-28 21:53 --------- d--h----- C:\Documents and Settings\ryan\Application Data\Move Networks
2007-09-28 19:06 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-28 19:06 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-27 07:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-24 00:56 --------- d-------- C:\Documents and Settings\ryan\Application Data\gtk-2.0
2007-09-23 22:44 --------- d-------- C:\Documents and Settings\ryan\Application Data\dvdcss
2007-09-19 03:01 --------- d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 22:50 --------- d-------- C:\Program Files\Apple Software Update
2007-09-03 22:01 --------- d-------- C:\Program Files\FlashFXP
2007-08-29 01:27 --------- d-------- C:\Documents and Settings\ryan\Application Data\LimeWire
2007-08-28 23:46 --------- d-------- C:\Documents and Settings\ryan\Application Data\Help
2007-08-28 23:45 --------- d-------- C:\Program Files\PBsoft
2007-08-23 19:50 --------- d-------- C:\Documents and Settings\ryan\Application Data\Skype
2007-08-09 23:27 --------- d-------- C:\Program Files\XBCD
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 06:12 167424 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-12 05:52 737280 --a------ C:\WINDOWS\iun6002.exe
1997-10-24 13:20 25088 --a------ C:\WINDOWS\inf\regl3acm.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 07:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 05:58]
"nwiz"="nwiz.exe" [2006-07-20 05:58 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 05:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 23:26]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-05-16 16:29]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 19:14]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 14:45]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RegistryMechanic"="" []
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-07-09 10:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-03-23 17:29]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
nvtemplogger.lnk - C:\nvtemplogger.exe [2007-03-27 11:08:54]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [2007-09-28 19:07:45]

C:\Documents and Settings\ryan\Start Menu\Programs\Startup\
allSnap.lnk - C:\Program Files\allSnap\allSnap.exe [2004-03-19 23:02:14]
Scheduler.lnk - C:\Program Files\SpyCatcher\Scheduler daemon.exe [2007-09-28 19:07:45]
Shortcut to xmplay.exe.lnk - C:\xmplay34\xmplay.exe [2007-07-12 06:37:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
nvtemplogger.lnk - C:\nvtemplogger.exe [2007-03-27 11:08:54]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [2007-09-28 19:07:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
C:\Program Files\Wireless Console 2\wcourier.exe

R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
R3 usbvm321;Vimicro USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\usbvm321.sys
S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ryan\LOCALS~1\Temp\ASFWHide
S3 M3AD;Motorola Messenger Modem Audio Device;C:\WINDOWS\system32\drivers\m3aux.sys
S3 XBCD;XBCD Kernel Module;C:\WINDOWS\system32\Drivers\xbcd.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29676d98-fa11-11db-a629-0018de048cb5}]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87a67940-ec4e-11db-a5f3-0018de048cb5}]
AutoRun\command- G:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 23:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 22:29:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-03 22:30:09
C:\ComboFix-quarantined-files.txt ... 2007-10-03 22:30
C:\ComboFix2.txt ... 2007-10-03 21:31
.
--- E O F ---



==========
hijackthis log
==========

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:19 AM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\nvtemplogger.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\allSnap\allSnap.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\putty.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: allSnap.lnk = C:\Program Files\allSnap\allSnap.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Startup: Shortcut to xmplay.exe.lnk = C:\xmplay34\xmplay.exe
O4 - Global Startup: nvtemplogger.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7955 bytes
Attached Files
File Type: rar kas_log.rar (2.4 KB, 2 views)
krp312 is offline