01-16-2008, 02:26 AM   #1
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi, to save your time I'll try to be short.
OS XP Home SP2
My common problem: continuous pop-ups with ads for casinos etc. when IE or Mozilla are opened.
Tried AVG and AVAST and cleaning TEMP dirs.

I think I followed all the 5 steps recommended.
Here is the detail of the PANDA online scan (step 2) :-)

Incident | Status | Location

Dialer:dialer.su | Not disinfected | hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Potentially unwanted tool:application/altnet | Not disinfected | hkey_local_machine\software\classes\typelib\{676F6D1D-C559-42A9-860B-27C1477B7179}
Adware:adware/rxtoolbar | Not disinfected | Windows Registry
Potentially unwanted tool:application/need2find | Not disinfected | HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
Adware:adware/powerstrip | Not disinfected | Windows Registry
Spyware:Cookie/888 | Not disinfected | C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@888[1].txt
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@ad.yieldmanager[1].txt
Spyware:Cookie/Cassava | Not disinfected | C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@cassava[1].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@doubleclick[1].txt
Spyware:Cookie/Statcounter | Not disinfected | C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@statcounter[1].txt
Spyware:Cookie/Zedo | Not disinfected | C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@zedo[1].txt
_____________________
A great thx in advance for your great effort!

Here is the main scan result of dss.exe (step 5).
extra.txt is attached.

Deckard's System Scanner v20071014.68
Run by Alessio Zanibelli on 2008-01-16 09:31:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-09 07:46:15 UTC - RP698 - Remove AnyDVD


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Alessio Zanibelli.exe) -----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9.36.00, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\winlogon.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\Sktempdm.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Skdaemon.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Alessio Zanibelli\Desktop\dss.exe
C:\DOCUME~1\ALESSI~1\DOCUME~1\OLDPC~1\SCARIC~1\SOFTWA~1\ANTIVI~1\HIJACK~1\Alessio Zanibelli.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...Install_it.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{22C1497E-DFE3-44E6-9300-E3C8BEEA8A53}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91340B6-0763-419C-8972-99E1AB391528}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmi\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe


-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 core - c:\windows\system32\drivers\core.sys
R1 LUMDriver - c:\windows\system32\drivers\lumdriver.sys <Not Verified; IBM; LUM application>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 SKUSBKBF (USB Keyboard Filter Driver) - c:\windows\system32\drivers\skusbkbf.sys <Not Verified; Silitek Corp.; USB Keyboard>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BBDemon (Backbone Service) - "c:\programmi\dassault systemes\b16\intel_a\code\bin\catsysdemon.exe" -service <Not Verified; Dassault Systemes; Dassault Systemes Product>
R2 NICCONFIGSVC - c:\programmi\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\programmi\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\programmi\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
R3 ServiceLayer - "c:\programmi\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 Cwbrxd (Comando remoto iSeries Access per Windows) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
S3 Diskeeper - c:\programmi\diskeeper corporation\diskeeper\dkservice.exe <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
S3 NBService - c:\programmi\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network from TOSHIBA
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network from TOSHIBA
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Digital Voice Recorder
Device ID: USB\VID_0FDE&PID_0636\6&38F84EC8&0&3
Manufacturer:
Name: Digital Voice Recorder
PNP Device ID: USB\VID_0FDE&PID_0636\6&38F84EC8&0&3
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\AF6D030334FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\AF6D030334FC000
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-01-15 21:13:07 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-15 21:03:10 322 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-09 09:46:16 244 -rah----- C:\WINDOWS\Tasks\jkevny.job


-- Files created between 2007-12-16 and 2008-01-16 -----------------------------

2008-01-16 08:59:07 0 d-------- C:\Programmi\SpywareBlaster
2008-01-15 17:14:51 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 17:14:50 0 d-------- C:\WINDOWS\LastGood
2008-01-15 17:07:16 0 d-------- C:\Programmi\File comuni\Java
2008-01-08 16:40:54 80384 --a------ C:\WINDOWS\system32\drivers\core.sys


-- Find3M Report ---------------------------------------------------------------

2008-01-16 09:29:08 52855 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-16 09:25:49 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Skype
2008-01-15 20:09:11 0 d-------- C:\Programmi\Windows Defender
2008-01-15 20:08:13 0 d-------- C:\Programmi\PC Connectivity Solution
2008-01-15 19:58:09 0 d-------- C:\Programmi\File comuni\LightScribe
2008-01-15 19:57:48 0 d-------- C:\Programmi\File comuni\Autodesk Shared
2008-01-15 19:57:19 0 d-------- C:\Programmi\Digital Line Detect
2008-01-15 19:36:23 0 d-------- C:\Programmi\AVerTV
2008-01-15 19:32:42 0 d-------- C:\Programmi\Apoint
2008-01-15 19:32:29 0 d-------- C:\Programmi\7-Zip
2008-01-15 17:08:15 0 d-------- C:\Programmi\Java
2008-01-15 17:07:16 0 d-------- C:\Programmi\File comuni
2008-01-15 13:22:49 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\OpenOffice.org2
2008-01-14 17:48:03 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\uTorrent
2008-01-10 12:02:50 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Grisoft
2007-12-12 1043 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Hamachi
2007-12-05 11:17:20 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Blackberry Desktop
2007-12-05 11:10:50 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Research In Motion
2007-12-05 10:59:11 0 d-------- C:\Programmi\File comuni\Research In Motion
2007-12-05 10:58:34 0 d-------- C:\Programmi\Research In Motion
2007-11-19 18:39:03 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\DassaultSystemes
2007-11-19 18:37:15 0 d-------- C:\Programmi\Dassault Systemes
2007-11-16 16:08:04 0 d-------- C:\Programmi\Microsoft Works


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/12/2004 00.05]
"nwiz"="nwiz.exe" [01/12/2004 00.05 C:\WINDOWS\system32\nwiz.exe]
"@"="" []
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 15.59]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [13/09/2004 17.33]
"Client Access Service"="C:\Programmi\IBM\Client Access\cwbsvstr.exe" [07/05/2002 06.20]
"Client Access Help Update"="C:\Programmi\IBM\Client Access\cwbinhlp.exe" [07/05/2002 06.20]
"Client Access Check Version"="C:\Programmi\IBM\Client Access\cwbckver.exe" [07/05/2002 06.20]
"Client Access Express Welcome"="C:\Programmi\IBM\Client Access\cwbwlwiz.exe" [07/05/2002 06.20]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08/10/2004 12.52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 15.00]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [23/08/2007 14.58]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [03/11/2006 19.20]
"Detect Kbd Daemon"="SK2000DM.EXE" [12/03/2001 20.50 C:\WINDOWS\system32\SK2000DM.EXE]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15.10]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [01/09/2006 16.57]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11.25]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03.42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [13/09/2007 13.31]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 13.00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Alessio Zanibelli\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [17/08/2007 22.57.56]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [14/01/2005 20.59.06]
Digital Line Detect.lnk - C:\Programmi\Digital Line Detect\DLG.exe [21/05/2005 0.37.02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Programmi\Qualcomm\Eudora\EuShlExt.dll [17/08/2006 15.57 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programmi\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 17.08 110592 C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-01-16 09:37:11 ------------
Attached Files
File Type: txt extra.txt (35.5 KB, 2 views)