how to remove Downloader.Delf.12.AN [RESOLVED]
redriller
post Jul 16 2008, 04:42 AM
Post #1
New Member
Posts: 7
OS: Windows XP

Hi Geekstogo!
I'm in trouble with this thing. Please help me. I use AVG 8.0 Free Edition. When I open My Computer, My Documents and Internet Explorer, AVG warned me and removed it. However, after that it's still there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:49 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\UniKey\UniKey.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.vn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {9CDD13C0-711E-4827-8949-7C45C3E399FC} - C:\WINDOWS\system32\dinpu.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey\UniKey.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 5058 bytes
Thunderbird1988
post Jul 16 2008, 05:35 AM
Post #2
Trusted Helper
Posts: 1,241
From: The Netherlands
OS: Windows XP/Vista Dualboot

Hello redriller and welcome to Geekstogo,

I am Thunderbird1988 and I am going to remove your malware problems. If you have any questions, feel free to ask.

Download ComboFix from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thunderbird1988
redriller
post Jul 16 2008, 08:02 PM
Post #3
New Member
Posts: 7
OS: Windows XP

I've followed the instructions before posting a HijackThis log. I have an ActiveScan log and a Malwarebytes' Anti-Malware log. Should I post them? Here is the ComboFix log.

ComboFix 08-07-14.2 - Administrator 2008-07-16 9:45:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.292 [GMT 7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\UWA7P

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-06-30 18:18 . 2008-07-14 22:01 268 --ah----- C:\sqmdata19.sqm
2008-06-30 18:18 . 2008-07-14 22:01 244 --ah----- C:\sqmnoopt19.sqm
2008-06-29 19:55 . 2008-07-14 06:06 268 --ah----- C:\sqmdata18.sqm
2008-06-29 19:55 . 2008-07-14 06:06 244 --ah----- C:\sqmnoopt18.sqm
2008-06-29 19:45 . 2008-07-14 00:02 268 --ah----- C:\sqmdata17.sqm
2008-06-29 19:45 . 2008-07-14 00:02 244 --ah----- C:\sqmnoopt17.sqm
2008-06-29 17:20 . 2008-07-12 21:40 268 --ah----- C:\sqmdata16.sqm
2008-06-29 17:20 . 2008-07-12 21:40 244 --ah----- C:\sqmnoopt16.sqm
2008-06-29 17:15 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-29 17:12 . 2004-09-15 22:22 2,146,304 --------- C:\WINDOWS\UNNeroVision.exe
2008-06-29 17:12 . 2005-02-17 23:03 116,418 --------- C:\WINDOWS\UNNeroVision.cfg
2008-06-29 17:11 . 2008-06-29 17:11 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-29 17:11 . 2008-06-29 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-29 17:11 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-29 17:11 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-29 17:11 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-29 17:11 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-29 17:11 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-29 17:11 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-29 17:11 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-06-28 22:45 . 2008-07-12 19:00 268 --ah----- C:\sqmdata15.sqm
2008-06-28 22:45 . 2008-07-12 19:00 244 --ah----- C:\sqmnoopt15.sqm
2008-06-28 18:16 . 2008-07-11 11:13 268 --ah----- C:\sqmdata14.sqm
2008-06-28 18:16 . 2008-07-11 11:13 244 --ah----- C:\sqmnoopt14.sqm
2008-06-28 07:21 . 2008-07-10 22:10 268 --ah----- C:\sqmdata13.sqm
2008-06-28 07:21 . 2008-07-10 22:10 244 --ah----- C:\sqmnoopt13.sqm
2008-06-27 22:44 . 2008-07-09 06:00 268 --ah----- C:\sqmdata12.sqm
2008-06-27 22:44 . 2008-07-09 06:00 244 --ah----- C:\sqmnoopt12.sqm
2008-06-26 23:42 . 2008-07-08 23:06 268 --ah----- C:\sqmdata11.sqm
2008-06-26 23:42 . 2008-07-08 23:06 244 --ah----- C:\sqmnoopt11.sqm
2008-06-26 01:07 . 2008-07-07 23:02 268 --ah----- C:\sqmdata10.sqm
2008-06-26 01:07 . 2008-07-07 23:02 244 --ah----- C:\sqmnoopt10.sqm
2008-06-25 22:23 . 2008-07-06 22:44 268 --ah----- C:\sqmdata09.sqm
2008-06-25 22:23 . 2008-07-06 22:44 244 --ah----- C:\sqmnoopt09.sqm
2008-06-25 16:54 . 2008-07-06 18:28 268 --ah----- C:\sqmdata08.sqm
2008-06-25 16:54 . 2008-07-06 18:28 244 --ah----- C:\sqmnoopt08.sqm
2008-06-24 22:52 . 2008-07-06 15:26 268 --ah----- C:\sqmdata07.sqm
2008-06-24 22:52 . 2008-07-06 15:26 244 --ah----- C:\sqmnoopt07.sqm
2008-06-24 21:10 . 2008-07-05 22:00 268 --ah----- C:\sqmdata06.sqm
2008-06-24 21:10 . 2008-07-05 22:00 244 --ah----- C:\sqmnoopt06.sqm
2008-06-24 20:03 . 2008-07-05 07:45 268 --ah----- C:\sqmdata05.sqm
2008-06-24 20:03 . 2008-07-05 07:45 244 --ah----- C:\sqmnoopt05.sqm
2008-06-24 19:01 . 2008-07-04 12:47 268 --ah----- C:\sqmdata04.sqm
2008-06-24 19:01 . 2008-07-04 12:47 244 --ah----- C:\sqmnoopt04.sqm
2008-06-23 21:22 . 2008-07-03 00:19 268 --ah----- C:\sqmdata03.sqm
2008-06-23 21:22 . 2008-07-03 00:19 244 --ah----- C:\sqmnoopt03.sqm
2008-06-23 06:29 . 2008-07-16 09:25 268 --ah----- C:\sqmdata02.sqm
2008-06-23 06:29 . 2008-07-16 09:25 244 --ah----- C:\sqmnoopt02.sqm
2008-06-22 20:33 . 2008-07-15 21:49 268 --ah----- C:\sqmdata01.sqm
2008-06-22 20:33 . 2008-07-15 21:49 244 --ah----- C:\sqmnoopt01.sqm
2008-06-21 20:57 . 2008-07-15 19:15 268 --ah----- C:\sqmdata00.sqm
2008-06-21 20:57 . 2008-07-15 19:15 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 02:42 --------- d-----w C:\Program Files\FlashGet
2008-07-05 11:50 --------- d-----w C:\Program Files\mtd2002
2008-06-29 10:16 --------- d-----w C:\Program Files\Ahead
2008-06-25 11:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2008-06-07 03:55 --------- d-----w C:\Program Files\MSN Messenger
2008-05-21 14:46 --------- d-----w C:\Program Files\Plaxis8x
2008-05-14 12:05 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
.

------- Sigcheck -------

2004-08-04 08:07 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 08:07 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CDD13C0-711E-4827-8949-7C45C3E399FC}]
2004-08-04 08:07 104448 --a------ C:\WINDOWS\system32\dinpu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniKey"="C:\Program Files\UniKey\UniKey.exe" [2004-04-08 05:34 122880]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-27 19:09 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-27 18:56 118784]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 19:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 09:35 536576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-14 19:04 1177368]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\mtd2002\\mtdserver.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 lfvvxzdp;lfvvxzdp;C:\WINDOWS\system32\drivers\ooacqqqv.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-14 19:05]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-14 19:04]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-14 19:04]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-14 19:05]
S3 GT680xNT;ColorPage-Vivid 1200X;C:\WINDOWS\system32\drivers\gt680x.sys [2003-02-27 05:55]
S3 hpk;hpk;C:\WINDOWS\system32\drivers\hpk.sys [2007-11-07 20:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e904b445-c09f-11dc-a844-000f1f1692b9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 09:50:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lfvvxzdp]
"ImagePath"="system32\drivers\ooacqqqv.dat"
.
Completion time: 2008-07-16 9:53:39
ComboFix-quarantined-files.txt 2008-07-16 02:53:27

Pre-Run: 13,094,973,440 bytes free
Post-Run: 13,364,666,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

150

_____________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:48 AM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UniKey\UniKey.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.vn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {9CDD13C0-711E-4827-8949-7C45C3E399FC} - C:\WINDOWS\system32\dinpu.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [UniKey] C:\Program Files\UniKey\UniKey.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 5107 bytes

This post has been edited by redriller: Jul 16 2008, 08:04 PM
Thunderbird1988
post Jul 17 2008, 12:31 AM
Post #4
Trusted Helper
Posts: 1,241
From: The Netherlands
OS: Windows XP/Vista Dualboot

Hello redriller,

Yes, please post the logs of Malwarebytes and ActiveScan.

Please also do the following.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

QUOTE
File::
C:\WINDOWS\system32\dinpu.dll
C:\WINDOWS\system32\drivers\ooacqqqv.dat

Folder::

Driver::
lfvvxzdp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CDD13C0-711E-4827-8949-7C45C3E399FC}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Thunderbird1988
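As an added example (not part of the original thread, and not a tool from Geeks to Go, HijackThis or the ComboFix author): a small Python script that reads entries in the format of the HijackThis and ComboFix logs posted above, flags the same indicators the helper scripted out (an unnamed BHO loading a DLL from system32, about:blank search hijacks, and a boot-start driver whose image is a .dat with no timestamp), and renders them in the File::/Driver::/Registry:: CFScript layout used in the post above. The sample log lines are constructed from the posted logs; the matching rules are illustrative assumptions, not the tools' own logic.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of entries in the shape of the HijackThis log
# posted in this thread (not the complete log).
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.vn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {9CDD13C0-711E-4827-8949-7C45C3E399FC} - C:\WINDOWS\system32\dinpu.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""

# Constructed sample: service/driver lines in the shape of the ComboFix log above.
SAMPLE_CF_SERVICES = r"""
R0 lfvvxzdp;lfvvxzdp;C:\WINDOWS\system32\drivers\ooacqqqv.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-14 19:05]
S3 hpk;hpk;C:\WINDOWS\system32\drivers\hpk.sys [2007-11-07 20:07]
"""

# Line shapes as they appear in the posted logs (assumed regexes written for
# this example, not the tools' own grammar).
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
R_RE = re.compile(r"^(?P<kind>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")

# ComboFix's abbreviated key path for BHOs, as used in the CFScript above.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"


@dataclass
class Findings:
    files: list = field(default_factory=list)     # File:: candidates
    drivers: list = field(default_factory=list)   # Driver:: candidates
    registry: list = field(default_factory=list)  # Registry:: candidates
    notes: list = field(default_factory=list)     # worth mentioning, not scripting


def review_hjt(text: str) -> Findings:
    """Flag the HijackThis entries the helper acted on in this thread."""
    found = Findings()
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # A BHO registered without a name, loading a DLL straight from
            # system32, is the entry that was scripted out here.
            if m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
                found.files.append(m["path"])
                found.registry.append(f"[-{BHO_KEY}\\{m['clsid']}]")
            continue
        m = R_RE.match(line)
        if m and m["data"].strip().lower() == "about:blank":
            # about:blank in search/home values is the hijack ActiveScan
            # labelled adware/cws.aboutblank; it is reset, not deleted.
            found.notes.append(f"{m['kind']} {m['key']},{m['value']} = about:blank")
    return found


def review_cf_services(text: str, found: Findings) -> Findings:
    """Flag ComboFix driver entries that look like the lfvvxzdp service."""
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        # Kernel drivers ship as .sys files with a timestamp ComboFix can read;
        # a boot-start driver whose image is a .dat with no timestamp does not.
        if not m["path"].lower().endswith(".sys") or not m["stamp"]:
            found.drivers.append(m["name"])
            found.files.append(m["path"])
    return found


def build_cfscript(found: Findings) -> str:
    """Render findings in the File::/Driver::/Registry:: layout used above.

    The output is a draft for a human to review before it is ever fed to
    ComboFix; nothing here executes or deletes anything.
    """
    lines = ["File::", *found.files, "", "Folder::", "",
             "Driver::", *found.drivers, "", "Registry::", *found.registry, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = review_cf_services(SAMPLE_CF_SERVICES, review_hjt(SAMPLE_HJT))
    for note in found.notes:
        print("review:", note)
    print(build_cfscript(found))
```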
redriller
post Jul 17 2008, 02:20 AM
Post #5
New Member
Posts: 7
OS: Windows XP

Hi Thunderbird1988.
Here are the ActiveScan log and the Malwarebytes log.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-16 14:03:39
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00041492 adware/cws.aboutblank Adware No 0 Yes No hkey_local_machine\software\microsoft\internet explorer\main\homeoldsp
00046160 adware/searchexe Adware No 0 Yes No HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL
00046160 adware/searchexe Adware No 0 Yes No HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar
00046160 adware/searchexe Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\main\homeoldsp
02866161 Adware/AVSystemCare Adware No 0 Yes No C:\WINDOWS\system32\dinpu.4
02878114 Adware/AVSystemCare Adware No 0 Yes No C:\WINDOWS\system32\dinpu.5
02887975 Trj/BHO.AA Virus/Trojan No 0 Yes No C:\WINDOWS\system32\dinpu.6
02897170 Rootkit/Agent.HWS HackTools No 0 Yes No C:\WINDOWS\system32\drivers\ooacqqqv.dat
;===================================================================================================================================================================================
SUSPECTS
Sent Location i
;===================================================================================================================================================================================
No C:\WINDOWS\system32\dinpu.2 i
No C:\WINDOWS\system32\dinpu.3 i
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description i
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 i
184379 MEDIUM MS08-001 i
182048 HIGH MS07-069 i
182046 HIGH MS07-067 i
182043 HIGH MS07-064 i
179553 HIGH MS07-061 i
176382 HIGH MS07-057 i
176383 HIGH MS07-058 i
170911 HIGH MS07-050 i
170907 HIGH MS07-046 i
170906 HIGH MS07-045 i
170904 HIGH MS07-043 i
164915 HIGH MS07-035 i
164913 HIGH MS07-033 i
164911 HIGH MS07-031 i
160623 HIGH MS07-027 i
157262 HIGH MS07-022 i
157261 HIGH MS07-021 i
157260 HIGH MS07-020 i
157259 HIGH MS07-019 i
156477 HIGH MS07-017 i
150253 HIGH MS07-016 i
150249 HIGH MS07-013 i
150248 HIGH MS07-012 i
150247 HIGH MS07-011 i
150243 HIGH MS07-008 i
150242 HIGH MS07-007 i
150241 MEDIUM MS07-006 i
141034 HIGH MS06-076 i
141033 MEDIUM MS06-075 i
141030 HIGH MS06-072 i
137571 HIGH MS06-070 i
137568 HIGH MS06-067 i
133387 MEDIUM MS06-065 i
133386 MEDIUM MS06-064 i
133385 MEDIUM MS06-063 i
133379 HIGH MS06-057 i
131654 HIGH MS06-055 i
129977 MEDIUM MS06-053 i
129976 MEDIUM MS06-052 i
126093 HIGH MS06-051 i
126092 MEDIUM MS06-050 i
126087 HIGH MS06-046 i
126086 MEDIUM MS06-045 i
126083 HIGH MS06-042 i
126082 HIGH MS06-041 i
126081 HIGH MS06-040 i
123421 HIGH MS06-036 i
123420 HIGH MS06-035 i
120825 MEDIUM MS06-032 i
120823 MEDIUM MS06-030 i
120818 HIGH MS06-025 i
120815 HIGH MS06-022 i
120814 HIGH MS06-021 i
117384 MEDIUM MS06-018 i
114666 HIGH MS06-015 i
114664 HIGH MS06-013 i
108744 MEDIUM MS06-008 i
108743 MEDIUM MS06-007 i
108742 MEDIUM MS06-006 i
104567 HIGH MS06-002 i
104237 HIGH MS06-001 i
96574 HIGH MS05-053 i
93395 HIGH MS05-051 i
93394 HIGH MS05-050 i
93454 MEDIUM MS05-049 i
;===================================================================================================================================================================================

_______________________________

Malwarebytes' Anti-Malware 1.20
Database version: 957
Windows 5.1.2600 Service Pack 2

5:16:25 PM 7/16/2008
mbam-log-7-16-2008 (17-16-25).txt

Scan type: Quick Scan
Objects scanned: 37934
Time elapsed: 10 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks so much.
redriller
post Jul 17 2008, 02:37 AM
Post #6
New Member
Posts: 7
OS: Windows XP

I have them here.

ComboFix 08-07-14.2 - Administrator 2008-07-17 15:23:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.304 [GMT 7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\dinpu.dll
C:\WINDOWS\system32\drivers\ooacqqqv.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dinpu.dll
C:\WINDOWS\system32\drivers\ooacqqqv.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LFVVXZDP
-------\Service_lfvvxzdp


((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-17 15:22 . 2008-07-17 15:22 169 --a------ C:\Start_.cmd
2008-07-16 14:05 . 2008-07-16 14:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-16 14:05 . 2008-07-16 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-16 14:05 . 2008-07-16 14:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-16 14:05 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-16 14:05 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-16 11:36 . 2008-07-16 11:36 <DIR> d-------- C:\Program Files\Panda Security
2008-07-16 11:36 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-16 10:25 . 2008-07-16 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-16 10:25 . 2008-07-16 11:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-16 10:19 . 2008-07-16 10:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-30 18:18 . 2008-07-14 22:01 268 --ah----- C:\sqmdata19.sqm
2008-06-30 18:18 . 2008-07-14 22:01 244 --ah----- C:\sqmnoopt19.sqm
2008-06-29 19:55 . 2008-07-14 06:06 268 --ah----- C:\sqmdata18.sqm
2008-06-29 19:55 . 2008-07-14 06:06 244 --ah----- C:\sqmnoopt18.sqm
2008-06-29 19:45 . 2008-07-14 00:02 268 --ah----- C:\sqmdata17.sqm
2008-06-29 19:45 . 2008-07-14 00:02 244 --ah----- C:\sqmnoopt17.sqm
2008-06-29 17:20 . 2008-07-12 21:40 268 --ah----- C:\sqmdata16.sqm
2008-06-29 17:20 . 2008-07-12 21:40 244 --ah----- C:\sqmnoopt16.sqm
2008-06-29 17:15 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-29 17:11 . 2008-06-29 17:11 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-29 17:11 . 2008-06-29 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-29 17:11 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-29 17:11 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-29 17:11 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-29 17:11 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-29 17:11 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-29 17:11 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-29 17:11 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-06-28 22:45 . 2008-07-12 19:00 268 --ah----- C:\sqmdata15.sqm
2008-06-28 22:45 . 2008-07-12 19:00 244 --ah----- C:\sqmnoopt15.sqm
2008-06-28 18:16 . 2008-07-11 11:13 268 --ah----- C:\sqmdata14.sqm
2008-06-28 18:16 . 2008-07-11 11:13 244 --ah----- C:\sqmnoopt14.sqm
2008-06-28 07:21 . 2008-07-10 22:10 268 --ah----- C:\sqmdata13.sqm
2008-06-28 07:21 . 2008-07-10 22:10 244 --ah----- C:\sqmnoopt13.sqm
2008-06-27 22:44 . 2008-07-09 06:00 268 --ah----- C:\sqmdata12.sqm
2008-06-27 22:44 . 2008-07-09 06:00 244 --ah----- C:\sqmnoopt12.sqm
2008-06-26 23:42 . 2008-07-08 23:06 268 --ah----- C:\sqmdata11.sqm
2008-06-26 23:42 . 2008-07-08 23:06 244 --ah----- C:\sqmnoopt11.sqm
2008-06-26 01:07 . 2008-07-07 23:02 268 --ah----- C:\sqmdata10.sqm
2008-06-26 01:07 . 2008-07-07 23:02 244 --ah----- C:\sqmnoopt10.sqm
2008-06-25 22:23 . 2008-07-06 22:44 268 --ah----- C:\sqmdata09.sqm
2008-06-25 22:23 . 2008-07-06 22:44 244 --ah----- C:\sqmnoopt09.sqm
2008-06-25 16:54 . 2008-07-06 18:28 268 --ah----- C:\sqmdata08.sqm
2008-06-25 16:54 . 2008-07-06 18:28 244 --ah----- C:\sqmnoopt08.sqm
2008-06-24 22:52 . 2008-07-06 15:26 268 --ah----- C:\sqmdata07.sqm
2008-06-24 22:52 . 2008-07-06 15:26 244 --ah----- C:\sqmnoopt07.sqm
2008-06-24 21:10 . 2008-07-05 22:00 268 --ah----- C:\sqmdata06.sqm
2008-06-24 21:10 . 2008-07-05 22:00 244 --ah----- C:\sqmnoopt06.sqm
2008-06-24 20:03 . 2008-07-05 07:45 268 --ah----- C:\sqmdata05.sqm
2008-06-24 20:03 . 2008-07-05 07:45 244 --ah----- C:\sqmnoopt05.sqm
2008-06-24 19:01 . 2008-07-04 12:47 268 --ah----- C:\sqmdata04.sqm
2008-06-24 19:01 . 2008-07-04 12:47 244 --ah----- C:\sqmnoopt04.sqm
2008-06-23 21:22 . 2008-07-16 11:16 268 --ah----- C:\sqmdata03.sqm
2008-06-23 21:22 . 2008-07-16 11:16 244 --ah----- C:\sqmnoopt03.sqm
2008-06-23 06:29 . 2008-07-16 09:25 268 --ah----- C:\sqmdata02.sqm
2008-06-23 06:29 . 2008-07-16 09:25 244 --ah----- C:\sqmnoopt02.sqm
2008-06-22 20:33 . 2008-07-15 21:49 268 --ah----- C:\sqmdata01.sqm
2008-06-22 20:33 . 2008-07-15 21:49 244 --ah----- C:\sqmnoopt01.sqm
2008-06-21 20:57 . 2008-07-15 19:15 268 --ah----- C:\sqmdata00.sqm
2008-06-21 20:57 . 2008-07-15 19:15 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 02:19 --------- d-----w C:\Program Files\FlashGet
2008-07-16 04:26 --------- d-----w C:\Program Files\Ahead
2008-07-05 11:50 --------- d-----w C:\Program Files\mtd2002
2008-06-25 11:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2008-05-21 14:46 --------- d-----w C:\Program Files\Plaxis8x
2008-05-14 12:05 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
.

------- Sigcheck -------

2004-08-04 08:07 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 08:07 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-16_ 9.52.46.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-30 03:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2005-10-20 13:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-03-17 13:16:45 53,166 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-16 04:22:00 53,166 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-17 13:16:45 380,918 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-16 04:22:01 380,918 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UniKey"="C:\Program Files\UniKey\UniKey.exe" [2004-04-08 05:34 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-27 19:09 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-27 18:56 118784]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 19:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 09:35 536576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-14 19:04 1177368]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\mtd2002\\mtdserver.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-14 19:05]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-14 19:04]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-14 19:04]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-14 19:05]
S3 GT680xNT;ColorPage-Vivi