Old 01-16-2008, 01:26 AM   #1 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi, to save your time I'll try to be short.
OS XP Home SP2
My common problem: continuous pop-ups with ads for casinos etc. when IE or Mozilla are opened.
I tried AVG and AVAST and cleaning the TEMP dirs.

I think I followed all the 5 steps recommended.
Here is the detail of the PANDA online SCAN (step 2) :-)

Incident Status Location

Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\classes\typelib\{676F6D1D-C559-42A9-860B-27C1477B7179}
Adware:adware/rxtoolbar Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
Adware:adware/powerstrip Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@888[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@ad.yieldmanager[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@cassava[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@doubleclick[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@statcounter[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Alessio Zanibelli\Cookies\alessio zanibelli@zedo[1].txt
_____________________
A great thx in advance for your great effort!

Here is the main scan result of dss.exe (step 5).
extra.txt is attached.

Deckard's System Scanner v20071014.68
Run by Alessio Zanibelli on 2008-01-16 09:31:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-09 07:46:15 UTC - RP698 - Remove AnyDVD


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Alessio Zanibelli.exe) -----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9.36.00, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\winlogon.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\Sktempdm.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Skdaemon.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Alessio Zanibelli\Desktop\dss.exe
C:\DOCUME~1\ALESSI~1\DOCUME~1\OLDPC~1\SCARIC~1\SOFTWA~1\ANTIVI~1\HIJACK~1\Alessio Zanibelli.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...Install_it.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{22C1497E-DFE3-44E6-9300-E3C8BEEA8A53}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91340B6-0763-419C-8972-99E1AB391528}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmi\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe


-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 core - c:\windows\system32\drivers\core.sys
R1 LUMDriver - c:\windows\system32\drivers\lumdriver.sys <Not Verified; IBM; LUM application>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 SKUSBKBF (USB Keyboard Filter Driver) - c:\windows\system32\drivers\skusbkbf.sys <Not Verified; Silitek Corp.; USB Keyboard>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BBDemon (Backbone Service) - "c:\programmi\dassault systemes\b16\intel_a\code\bin\catsysdemon.exe" -service <Not Verified; Dassault Systemes; Dassault Systemes Product>
R2 NICCONFIGSVC - c:\programmi\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\programmi\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\programmi\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
R3 ServiceLayer - "c:\programmi\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 Cwbrxd (Comando remoto iSeries Access per Windows) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM(R) iSeries (TM) Access for Windows>
S3 Diskeeper - c:\programmi\diskeeper corporation\diskeeper\dkservice.exe <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
S3 NBService - c:\programmi\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network from TOSHIBA
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network from TOSHIBA
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Digital Voice Recorder
Device ID: USB\VID_0FDE&PID_0636\6&38F84EC8&0&3
Manufacturer:
Name: Digital Voice Recorder
PNP Device ID: USB\VID_0FDE&PID_0636\6&38F84EC8&0&3
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\AF6D030334FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\AF6D030334FC000
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-01-15 21:13:07 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-15 21:03:10 322 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-09 09:46:16 244 -rah----- C:\WINDOWS\Tasks\jkevny.job


-- Files created between 2007-12-16 and 2008-01-16 -----------------------------

2008-01-16 08:59:07 0 d-------- C:\Programmi\SpywareBlaster
2008-01-15 17:14:51 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 17:14:50 0 d-------- C:\WINDOWS\LastGood
2008-01-15 17:07:16 0 d-------- C:\Programmi\File comuni\Java
2008-01-08 16:40:54 80384 --a------ C:\WINDOWS\system32\drivers\core.sys


-- Find3M Report ---------------------------------------------------------------

2008-01-16 09:29:08 52855 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-16 09:25:49 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Skype
2008-01-15 20:09:11 0 d-------- C:\Programmi\Windows Defender
2008-01-15 20:08:13 0 d-------- C:\Programmi\PC Connectivity Solution
2008-01-15 19:58:09 0 d-------- C:\Programmi\File comuni\LightScribe
2008-01-15 19:57:48 0 d-------- C:\Programmi\File comuni\Autodesk Shared
2008-01-15 19:57:19 0 d-------- C:\Programmi\Digital Line Detect
2008-01-15 19:36:23 0 d-------- C:\Programmi\AVerTV
2008-01-15 19:32:42 0 d-------- C:\Programmi\Apoint
2008-01-15 19:32:29 0 d-------- C:\Programmi\7-Zip
2008-01-15 17:08:15 0 d-------- C:\Programmi\Java
2008-01-15 17:07:16 0 d-------- C:\Programmi\File comuni
2008-01-15 13:22:49 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\OpenOffice.org2
2008-01-14 17:48:03 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\uTorrent
2008-01-10 12:02:50 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Grisoft
2007-12-12 1043 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Hamachi
2007-12-05 11:17:20 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Blackberry Desktop
2007-12-05 11:10:50 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Research In Motion
2007-12-05 10:59:11 0 d-------- C:\Programmi\File comuni\Research In Motion
2007-12-05 10:58:34 0 d-------- C:\Programmi\Research In Motion
2007-11-19 18:39:03 0 d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\DassaultSystemes
2007-11-19 18:37:15 0 d-------- C:\Programmi\Dassault Systemes
2007-11-16 16:08:04 0 d-------- C:\Programmi\Microsoft Works


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/12/2004 00.05]
"nwiz"="nwiz.exe" [01/12/2004 00.05 C:\WINDOWS\system32\nwiz.exe]
"@"="" []
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 15.59]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [13/09/2004 17.33]
"Client Access Service"="C:\Programmi\IBM\Client Access\cwbsvstr.exe" [07/05/2002 06.20]
"Client Access Help Update"="C:\Programmi\IBM\Client Access\cwbinhlp.exe" [07/05/2002 06.20]
"Client Access Check Version"="C:\Programmi\IBM\Client Access\cwbckver.exe" [07/05/2002 06.20]
"Client Access Express Welcome"="C:\Programmi\IBM\Client Access\cwbwlwiz.exe" [07/05/2002 06.20]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08/10/2004 12.52]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 15.00]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [23/08/2007 14.58]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [03/11/2006 19.20]
"Detect Kbd Daemon"="SK2000DM.EXE" [12/03/2001 20.50 C:\WINDOWS\system32\SK2000DM.EXE]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 15.10]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [01/09/2006 16.57]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11.25]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03.42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [13/09/2007 13.31]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 13.00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Alessio Zanibelli\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [17/08/2007 22.57.56]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [14/01/2005 20.59.06]
Digital Line Detect.lnk - C:\Programmi\Digital Line Detect\DLG.exe [21/05/2005 0.37.02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Programmi\Qualcomm\Eudora\EuShlExt.dll [17/08/2006 15.57 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programmi\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 17.08 110592 C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-01-16 09:37:11 ------------
Attached Files
File Type: txt extra.txt (35.5 KB, 2 views)
Old 01-21-2008, 12:10 AM   #2 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

BUMP

Only a bump hoping to get an answer soon... I am still in trouble!
Thanks
Old 01-24-2008, 02:36 AM   #3 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

bump
72 hrs from previous bump.
192 hrs from 1st post...
I know you have much work to do, but is there something wrong in my posts?
May I cry for a little bit of help, please?
Thanks
Old 01-28-2008, 02:38 AM   #4 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

bump

Hello, "is there anybody out there?" P.F.
Old 01-28-2008, 09:20 PM   #5 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,573
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hello, and Welcome to TSF.

Sorry for any delay in replying, but as you can see the forum is overwhelmed with pleas for aid, and some threads fall through the cracks.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 01-29-2008, 09:24 AM   #6 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Tetonbob, my saviour!
Don't worry, I feel very lucky you care about me... do you remember De Niro in the Mission movie? You seem the same to me!

Sorry it takes so long for the reply; I'm GMT+1 so maybe our "time window" is small...
Here is the Combofix log. Please note that my CPU had a reboot before Combofix finished. I did not use any program, but a normal startup occurred, and Combofix finished after the normal startup.

ComboFix 08-01-29.3 - Alessio Zanibelli 2008-01-29 17.45.33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.483 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Alessio Zanibelli\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\#SharedObjects\LQ4AXGGX\iforex.com
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\#SharedObjects\LQ4AXGGX\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\#SharedObjects\LQ4AXGGX\www.broadcaster.com
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\temp\tn3
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_IPRIP
-------\core
-------\Iprip


((((((((((((((((((((((((( Files Creati Da 2007-12-28 al 2008-01-29 )))))))))))))))))))))))))))))))))))
.

2008-01-29 17:18 . 2006-09-07 17:34 261,312 -r-hs---- C:\cmldr
2008-01-29 17:18 . 2005-05-24 10:18 211 -rahs---- C:\BOOT.BAK
2008-01-25 09:50 . 2008-01-25 09:50 <DIR> d-------- C:\Documents and Settings\Guest\Dati applicazioni\Toshiba
2008-01-22 09:26 . 2008-01-22 09:26 <DIR> d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\TrojanHunter
2008-01-21 18:31 . 2008-01-21 18:32 <DIR> d-------- C:\Programmi\TrojanHunter 5.0
2008-01-16 09:30 . 2008-01-16 09:30 <DIR> d-------- C:\Deckard
2008-01-16 08:59 . 2008-01-21 18:03 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-16 08:59 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-15 17:14 . 2008-01-15 20:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 17:14 . 2008-01-15 17:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-15 17:14 . 2008-01-15 17:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-15 17:14 . 2008-01-15 17:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-15 17:08 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-15 17:07 . 2008-01-15 17:07 <DIR> d-------- C:\Programmi\File comuni\Java
2008-01-11 10:31 . 2004-09-09 12:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-11 10:31 . 2004-09-09 12:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-01-11 10:31 . 2004-09-09 12:19 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-01-11 10:31 . 2004-09-09 12:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-01-11 10:31 . 2004-09-09 12:07 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-01-11 10:31 . 2008-01-29 17:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-11 10:31 . 2004-09-09 12:19 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-01-11 10:31 . 2005-05-21 00:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Sonic
2008-01-11 10:31 . 2005-05-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Jasc Software Inc
2008-01-11 10:31 . 2005-05-21 00:36 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Intel
2008-01-11 10:31 . 2008-01-11 10:31 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Grisoft
2008-01-11 10:31 . 2008-01-11 10:31 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-10 12:02 . 2008-01-10 12:02 <DIR> d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Grisoft
2008-01-10 12:02 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 09:38 . 2008-01-09 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
2008-01-08 18:36 . 2008-01-24 10:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 18:36 . 2008-01-08 18:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-08 16:41 . 2008-01-09 09:34 24 --ahs---- C:\WINDOWS\SA2048A55.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 15:57 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Skype
2008-01-29 14:58 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\OpenOffice.org2
2008-01-27 11:21 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Hamachi
2008-01-25 07:50 --------- d-----w C:\Documents and Settings\Guest\Dati applicazioni\OpenOffice.org2
2008-01-21 07:57 --------- d-----w C:\Programmi\NCH Swift Sound
2008-01-15 18:09 --------- d-----w C:\Programmi\Windows Defender
2008-01-15 18:08 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-01-15 17:58 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-01-15 17:57 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-01-15 17:57 --------- d-----w C:\Programmi\Digital Line Detect
2008-01-15 17:36 --------- d-----w C:\Programmi\AVerTV
2008-01-15 17:32 --------- d-----w C:\Programmi\Apoint
2008-01-15 17:32 --------- d-----w C:\Programmi\7-Zip
2008-01-15 15:08 --------- d-----w C:\Programmi\Java
2008-01-14 15:48 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\uTorrent
2008-01-14 14:51 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2007-12-07 08:19 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-05 09:17 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Blackberry Desktop
2007-12-05 09:10 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Research In Motion
2007-12-05 08:59 --------- d-----w C:\Programmi\File comuni\Research In Motion
2007-12-05 08:58 --------- d-----w C:\Programmi\Research In Motion
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:27 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:27 727,552 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-01 00:05 4636672]
"nwiz"="nwiz.exe" [2004-12-01 00:05 921600 C:\WINDOWS\system32\nwiz.exe]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"Client Access Service"="C:\Programmi\IBM\Client Access\cwbsvstr.exe" [2002-05-07 06:20 20530]
"Client Access Help Update"="C:\Programmi\IBM\Client Access\cwbinhlp.exe" [2002-05-07 06:20 24626]
"Client Access Check Version"="C:\Programmi\IBM\Client Access\cwbckver.exe" [2002-05-07 06:20 45056]
"Client Access Express Welcome"="C:\Programmi\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 06:20 20530]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-23 14:58 1838592]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Detect Kbd Daemon"="SK2000DM.EXE" [2001-03-12 20:50 29184 C:\WINDOWS\system32\SK2000DM.EXE]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"THGuard"="C:\Programmi\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-11-13 19:54 34832]

C:\Documents and Settings\Alessio Zanibelli\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-01-14 20:59:06 483328]
Digital Line Detect.lnk - C:\Programmi\Digital Line Detect\DLG.exe [2005-05-21 00:37:02 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Programmi\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 15:57 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programmi\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 15:22]
R2 BBDemon;Backbone Service;"C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" [2005-09-06 23:11]
R3 SKUSBKBF;USB Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\SKUSBKBF.sys [2001-03-12 20:51]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-03 04:04]
S3 Cap7134;Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2007-01-26 19:22]
S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2007-01-26 19:22]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-22 19:13:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-01-09 07:46:16 C:\WINDOWS\Tasks\jkevny.job"

And this is a fresh HijackThis log. Also, HijackThis reported an error before doing the scan and asked me to email the error to somebody... but when I closed the error window I no longer had the address: after posting this I will try to reproduce the error and inform the "owner".

Logfile of HijackThis v1.99.1
Scan saved at 18:16, on 2008-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\Sktempdm.exe
C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\Skdaemon.exe
C:\Programmi\TrojanHunter 5.0\THGuard.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Alessio Zanibelli\Documenti\Old PC\Scaricati da Internet\Software Downloads\Antivirus e firewall\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Programmi\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...Install_it.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{22C1497E-DFE3-44E6-9300-E3C8BEEA8A53}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91340B6-0763-419C-8972-99E1AB391528}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe

Bye and thank you again!!
Old 01-29-2008, 09:53 AM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,573
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi Axo -

Don't worry about the HijackThis error, but thanks for reporting it.

I should think your machine feels much better now. Please let me know.

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real-time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 01-30-2008, 11:51 PM   #8 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi tetonbob,
yes, my machine works much better now, no more pop-ups while surfing.
You are great!
Here is the Kaspersky log - cut'n'pasted and not attached - I think I am still infected!
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 31, 2008 8:39:08 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/01/2008
Kaspersky Anti-Virus database records: 538462
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
V:\
Z:\

Scan Statistics:
Total number of scanned objects: 132564
Number of viruses found: 1
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 06:44:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Alessio Zanibelli\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbdam Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbdao Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbeam Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbeao Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbm Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\fii.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\hp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Google\Google Desktop\e8a5e39440c9\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{BB810C75-FC8C-4DDE-B89F-172C4D5C3FF3} Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temp\~DF769D.tmp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temp\~DF96A7.tmp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temp\~DFA497.tmp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temp\~DFA862.tmp Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Alessio Zanibelli\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\MPLog-04172007-102748.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\temp\MpCmdRun-30-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\temp\MpCmdRun.log Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\updwmaph.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Tasks\jkevny.job Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2b4.dat Object is locked skipped
C:\WINDOWS\Temp\TMP0000010614AD2DC451107159 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Virtual private network\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped

Scan process completed.
Old 01-31-2008, 07:36 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,573
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Many of those finds are to do with VNC/VPN software. As long as you've intentionally installed this, it's not a concern.

There are a couple items I'd like to know more about.

Do you know what this task is for?

C:\WINDOWS\Tasks\jkevny.job

Also, please do this:

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\WINDOWS\system32\updwmaph.exe

  • Then click the "Send File " button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
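The triage applied in the reply above (known-good VNC detections versus locked, unexplained files in Windows directories), as an added Python example that is not part of this thread or of any scanner's code: it sorts Kaspersky-style result lines of the shape posted earlier into buckets. The sample lines, the "review" rule and its suffix list are constructed assumptions for this example.

```python
"""Triage of Kaspersky Online Scanner result lines (added example, not from the thread).

Rules mirror the analyst's reasoning in the reply above:
  * "not-a-virus:RemoteAdmin.*" hits inside a VNC installer are expected
    when the software was installed intentionally -> bucket "pua";
  * "Object is locked skipped" on registry hives, event logs and similar
    in-use system files is normal -> bucket "expected_locked";
  * a locked executable, driver or scheduled task under the Windows
    directory that the user cannot explain deserves a look -> bucket "review".
The suffix list and the sample log are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample: line shapes copied from the scan log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\updwmaph.exe Object is locked skipped
C:\WINDOWS\Tasks\jkevny.job Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2b4.dat Object is locked skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
Z:\Lettere\VPN\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
"""

# Three line shapes seen in the posted log; paths may contain spaces, so the
# path group is lazy and each pattern is anchored on its fixed trailer.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) Inno: infected - (?P<count>\d+) skipped$")

# Assumption for this example: a locked file with one of these suffixes under
# the Windows directory is something an analyst wants identified.
REVIEW_SUFFIXES = (".exe", ".dll", ".sys", ".job", ".scr", ".pif")


def classify_locked(path: str) -> str:
    """Return "review" for locked code or tasks under the Windows directory, else "expected_locked"."""
    low = path.lower()
    if low.startswith("c:\\windows\\") and low.endswith(REVIEW_SUFFIXES):
        return "review"
    return "expected_locked"


def triage(log_text: str) -> dict:
    """Parse scanner result lines into buckets keyed by the triage outcome.

    Buckets: review, expected_locked, pua, malware, archive_summary, unparsed.
    Only buckets that received at least one entry are present in the result.
    """
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            buckets[classify_locked(m["path"])].append(m["path"])
            continue
        m = ARCHIVE_RE.match(line)
        if m:
            # Installer-level summary: "Inno: infected - N" repeats the N hits
            # already reported for the archive members, so keep it separately.
            buckets["archive_summary"].append((m["path"], int(m["count"])))
            continue
        m = INFECTED_RE.match(line)
        if m:
            # Kaspersky prefixes riskware / admin tools with "not-a-virus:".
            key = "pua" if m["name"].startswith("not-a-virus:") else "malware"
            buckets[key].append((m["path"], m["name"]))
            continue
        buckets["unparsed"].append(line)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(f"[{bucket}]")
        for entry in entries:
            print("   ", entry)
```

Running it on the sample puts updwmaph.exe and jkevny.job in the review bucket, which is exactly the pair the analyst asked about.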
Old 01-31-2008, 09:24 AM   #10 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

C:\WINDOWS\Tasks\jkevny.job - I have no idea.
Virus Total scan result:
0 bytes size received / Se ha recibido un archivo vacio

Tried twice always the same result.

May I warn you about an AVAST warning received a few hours ago for a trojan? Perhaps it may be helpful:
2008-01-31 17:08 SYSTEM 692 Sign of "Win32:Agent-LVW [Trj]" has been found in "C:\WINDOWS\TEMP\wanxbf.exe\[UPX]" file.
When I entered "delete" the file, I heard the error sound of my WinXP that reminds me of something like "impossible to delete the file, it is used by another application..."
Old 01-31-2008, 09:30 AM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,573
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

0 bytes reported, locked file, no google results, can't be up to any good.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/212221-continuous-pop-ups-win32-agent-lvw-trj-cve-2007-0038-found-avast.html

File::
C:\WINDOWS\Tasks\jkevny.job


Collect::
C:\WINDOWS\system32\updwmaph.exe
C:\WINDOWS\TEMP\wanxbf.exe


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------
Old 02-01-2008, 12:28 AM   #12 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi tetonbob, and, if applicable also to you, good morning!

Combofix worked and produced a log.txt file.
When I clicked "OK" to send the file, Firefox gave this error
"File not found"
"Firefox non trova il file /C:/ComboFix/CF-Submit.htm."

Tried also "reload" etc. but same message.

I opened manually the dir C:\ComboFix and found it completely empty, no files or subdirs.

I made a Windows search for the file "CF-submit.htm" on my disks but had no results.

I saved the ComboFix log.txt to the desktop, waiting for a new way to post or send it in another way.
Sorry, but I don't think I made a mistake in the procedure... maybe a bug occurred.
Old 02-01-2008, 08:31 AM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,573
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi Axo -

Please do post the log.txt from ComboFix. If it's been closed, it's located at C:\ComboFix.txt

Is there a file on your desktop with a name similar to this:

[4]-Submit_2008-01-31@22.37.zip

If so, submit it here, please:

http://www.bleepingcomputer.com/subm....php?channel=4
Old 02-01-2008, 08:35 AM   #14 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi tetonbob,
here's the ComboFix log:
ComboFix 08-01-29.3 - Alessio Zanibelli 2008-01-31 18:39:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.543 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Alessio Zanibelli\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alessio Zanibelli\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

FILE
C:\WINDOWS\Tasks\jkevny.job
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Tasks\jkevny.job
C:\WINDOWS\system32\updwmaph.exe
C:\WINDOWS\Tasks\jkevny.job
.
---- Previous Run -------
.
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\#SharedObjects\LQ4AXGGX\iforex.com
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\#SharedObjects\LQ4AXGGX\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\#SharedObjects\LQ4AXGGX\www.broadcaster.com
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\temp\tn3
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_IPRIP
-------\core
-------\Iprip




((((((((((((((((((((((((( Files Creati Da 2008-01-01 al 2008-02-01 )))))))))))))))))))))))))))))))))))
.

2008-01-30 17:29 . 2008-01-30 17:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-30 17:29 . 2008-01-30 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-29 17:18 . 2006-09-07 17:34 261,312 -r-hs---- C:\cmldr
2008-01-29 17:18 . 2005-05-24 10:18 211 -rahs---- C:\BOOT.BAK
2008-01-25 09:50 . 2008-01-25 09:50 <DIR> d-------- C:\Documents and Settings\Guest\Dati applicazioni\Toshiba
2008-01-22 09:26 . 2008-01-22 09:26 <DIR> d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\TrojanHunter
2008-01-21 18:31 . 2008-01-21 18:32 <DIR> d-------- C:\Programmi\TrojanHunter 5.0
2008-01-16 09:30 . 2008-01-16 09:30 <DIR> d-------- C:\Deckard
2008-01-16 08:59 . 2008-01-21 18:03 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-16 08:59 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-01-15 17:14 . 2008-01-15 20:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 17:14 . 2008-01-15 17:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-15 17:14 . 2008-01-15 17:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-15 17:14 . 2008-01-15 17:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-15 17:08 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-15 17:07 . 2008-01-15 17:07 <DIR> d-------- C:\Programmi\File comuni\Java
2008-01-11 10:31 . 2004-09-09 12:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-11 10:31 . 2004-09-09 12:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-01-11 10:31 . 2004-09-09 12:19 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-01-11 10:31 . 2004-09-09 12:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-01-11 10:31 . 2004-09-09 12:07 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-01-11 10:31 . 2008-01-31 18:44 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-11 10:31 . 2004-09-09 12:19 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-01-11 10:31 . 2005-05-21 00:48 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Sonic
2008-01-11 10:31 . 2005-05-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Jasc Software Inc
2008-01-11 10:31 . 2005-05-21 00:36 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Intel
2008-01-11 10:31 . 2008-01-11 10:31 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Grisoft
2008-01-11 10:31 . 2008-01-11 10:31 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-10 12:02 . 2008-01-10 12:02 <DIR> d-------- C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Grisoft
2008-01-10 12:02 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-09 09:38 . 2008-01-09 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
2008-01-08 18:36 . 2008-01-24 10:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 18:36 . 2008-01-08 18:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-08 16:41 . 2008-01-09 09:34 24 --ahs---- C:\WINDOWS\SA2048A55.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 16:09 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Skype
2008-01-29 16:05 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\OpenOffice.org2
2008-01-27 11:21 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Hamachi
2008-01-25 07:50 --------- d-----w C:\Documents and Settings\Guest\Dati applicazioni\OpenOffice.org2
2008-01-21 07:57 --------- d-----w C:\Programmi\NCH Swift Sound
2008-01-15 18:09 --------- d-----w C:\Programmi\Windows Defender
2008-01-15 18:08 --------- d-----w C:\Programmi\PC Connectivity Solution
2008-01-15 17:58 --------- d-----w C:\Programmi\File comuni\LightScribe
2008-01-15 17:57 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-01-15 17:57 --------- d-----w C:\Programmi\Digital Line Detect
2008-01-15 17:36 --------- d-----w C:\Programmi\AVerTV
2008-01-15 17:32 --------- d-----w C:\Programmi\Apoint
2008-01-15 17:32 --------- d-----w C:\Programmi\7-Zip
2008-01-15 15:08 --------- d-----w C:\Programmi\Java
2008-01-14 15:48 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\uTorrent
2008-01-14 14:51 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2007-12-07 08:19 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-05 09:17 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Blackberry Desktop
2007-12-05 09:10 --------- d-----w C:\Documents and Settings\Alessio Zanibelli\Dati applicazioni\Research In Motion
2007-12-05 08:59 --------- d-----w C:\Programmi\File comuni\Research In Motion
2007-12-05 08:58 --------- d-----w C:\Programmi\Research In Motion
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:27 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:27 727,552 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programmi\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-01 00:05 4636672]
"nwiz"="nwiz.exe" [2004-12-01 00:05 921600 C:\WINDOWS\system32\nwiz.exe]
"IntelWireless"="C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"Apoint"="C:\Programmi\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"Client Access Service"="C:\Programmi\IBM\Client Access\cwbsvstr.exe" [2002-05-07 06:20 20530]
"Client Access Help Update"="C:\Programmi\IBM\Client Access\cwbinhlp.exe" [2002-05-07 06:20 24626]
"Client Access Check Version"="C:\Programmi\IBM\Client Access\cwbckver.exe" [2002-05-07 06:20 45056]
"Client Access Express Welcome"="C:\Programmi\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 06:20 20530]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-23 14:58 1838592]
"Windows Defender"="C:\Programmi\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Detect Kbd Daemon"="SK2000DM.EXE" [2001-03-12 20:50 29184 C:\WINDOWS\system32\SK2000DM.EXE]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"THGuard"="C:\Programmi\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2006-11-13 19:54 34832]

C:\Documents and Settings\Alessio Zanibelli\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-01-14 20:59:06 483328]
Digital Line Detect.lnk - C:\Programmi\Digital Line Detect\DLG.exe [2005-05-21 00:37:02 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Programmi\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 15:57 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programmi\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Programmi\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 15:22]
R2 BBDemon;Backbone Service;"C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" [2005-09-06 23:11]
R3 SKUSBKBF;USB Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\SKUSBKBF.sys [2001-03-12 20:51]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-03 04:04]
S3 Cap7134;Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2007-01-26 19:22]
S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]
S3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2007-01-26 19:22]
S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe [2004-08-19 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-29 19:13:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-01-31 19:00:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmi\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 08:43:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\Sktempdm.exe
C:\WINDOWS\system32\Skdaemon.exe
C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
C:\Programmi\TrojanHunter 5.0\THGuard.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-01 8:49:27 - machine was rebooted [Alessio Zanibelli]
ComboFix-quarantined-files.txt 2008-02-01 06:49:20
.
2008-01-11 16:27:14 --- E O F ---

I now send the file where you posted the link to, www.bleeping... etc.
Old 02-01-2008, 08:39 AM   #15 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Done!
Bleeping Computer said to me:
"Malware Submission
Your file was successfully submitted. Please let the user helping you know that you have submitted the file. "
That's done!
Old 02-01-2008, 09:06 AM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,573
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi Axo -

Thanks for uploading the file, it's been received. Please delete that zip file from your desktop now.

Tell me how the machine is behaving, and post a new HijackThis log.
Old 02-01-2008, 09:23 AM   #17 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Well, the machine works pretty well,
no more pop-ups, I was desperate!!!
Do you think I am clean now?
Thank you very much!

That strange file I sent you in the zip file, was it a new virus? Did I have a rare sickness?
Ok, that's too many questions, I think... :)
Here's my fresh Hijack log
Logfile of HijackThis v1.99.1
Scan saved at 18.19.42, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\Apoint\Apoint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Apoint\Apntex.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\Sktempdm.exe
C:\WINDOWS\system32\Skdaemon.exe
C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe
C:\Programmi\TrojanHunter 5.0\THGuard.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Digital Line Detect\DLG.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CNEXT.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alessio Zanibelli\Documenti\Old PC\Scaricati da Internet\Software Downloads\Antivirus e firewall\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmi\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Programmi\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Programmi\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...Install_it.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{22C1497E-DFE3-44E6-9300-E3C8BEEA8A53}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{E91340B6-0763-419C-8972-99E1AB391528}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmi\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
Old 02-01-2008, 09:39 AM   #18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,573
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

In light of the fact that we found a new trojan which is poorly detected, it would be prudent to run one more online scan. I know these can take a while, but I think it's for the best.

We also have a bit more work to do...

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[-HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}]

[-hkey_local_machine\software\classes\typelib\{676F6D1D-C559-42A9-860B-27C1477B7179}]


Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

Close HijackThis now.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
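As an added example (not part of tetonbob's post, the HijackThis tool, or the forum), here is a small Python triage script that parses HijackThis-format lines like the ones in this thread and flags the entry types a log reviewer looks at first: missing files, O16 DPF entries with no source URL, O8 context-menu items pointing at a known adware domain such as need2find.com, and O17 NameServer settings that should be confirmed against the ISP. The sample lines and the ADWARE_DOMAINS list are constructed for the example.

```python
import re

# Constructed sample: a handful of HijackThis log lines in the format seen in this thread.
SAMPLE_LOG = """\
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{22C1497E-DFE3-44E6-9300-E3C8BEEA8A53}: NameServer = 213.140.2.12,213.140.2.21
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Programmi\\Alwil Software\\Avast4\\ashServ.exe
"""

# Hypothetical reviewer's list of adware domains; need2find.com is the one fixed in this thread.
ADWARE_DOMAINS = {"need2find.com"}

# Every HijackThis entry starts with its section code, e.g. "O8 - ".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (section, reason) findings a log reviewer would examine first."""
    findings = []
    for section, body in parse_hjt(text):
        if "(file missing)" in body:
            findings.append((section, "references a missing file"))
        if section == "O16" and body.rstrip().endswith("-"):
            findings.append((section, "DPF entry with no source URL"))
        if section == "O8":
            host = re.search(r"https?://([^/\s]+)", body)
            if host and any(host.group(1).endswith(d) for d in ADWARE_DOMAINS):
                findings.append((section, f"context menu item points at {host.group(1)}"))
        if section == "O17":
            servers = body.split("NameServer =")[-1].strip()
            findings.append((section, f"DNS servers set to {servers}; confirm they belong to the ISP"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```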
Old 02-04-2008, 05:48 AM   #19 (permalink)
Axo
Registered User
 
Join Date: Jan 2008
Posts: 15
OS: win xp home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

Hi tetonbob
I did almost everything you taught me to do:
regedit4 done
Hijack to fix the "bad" issue done
ATF Cleaner for both browsers done

I had many problems with the ESET online scanner, in downloading it and moreover in obtaining a scan log... the log file can't be found at the location you gave me; I only found a debuglog.txt there, which I post here:

# vers_standard_module=2846 (20080204)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)

I don't give up and I'm starting a new scan session right now..

Now I watched almost the entire scan process; after about 20 minutes the scan ends, closing the IE session and, if open, also other Explorer windows (not only Internet ones, but local ones too).

I was forgetting to tell you that for some days now the machine seems to me to work well, it feels good! - just after the ComboFix corrections!!

Last edited by Axo; 02-04-2008 at 06:17 AM.
Old 02-04-2008, 07:25 AM   #20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,573
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous pop ups - Win32:Agent LVW(Trj) + CVE-2007-0038 found by AVAST

If the ESET scanner is posing problems, run a new scan with Kaspersky.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Copyright 2001 - 2009, Tech Support Forum