Win32 p2p worm Alcan.a



#1
aqes23

Hi,

The worm Win32 P2P Alcan.a came with the Shareaza p2p program. I have tried different removals already without any luck.
It seems to create folders in program files/shareaza/downloads where it drops a large amount of files when connected to the internet. Shareaza restarts automatically every time I close it and the task manager doesn't show.

Any help would be greatly appreciated!

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 00:28:29, on 07/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\HIJT\HiJKThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96485D7D-C8A8-48A5-B15D-EE8AA54F5195}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)


#2
MFDnSC

1. Download this file :

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


===========================
Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log.

#3
aqes23

Thanks for your reply. For one thing, Shareaza does not seem to automatically start itself, but I'm not sure my system is clean. Here are the logs you requested:

Edoardo - 06-12-07 2:24:41.85 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Edoardo\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\outlook
C:\Program Files\winupdates


((((((((((((((((((((((((((((((( Files Created from 2006-11-07 to 2006-12-07 ))))))))))))))))))))))))))))))))))


2006-12-07 00:54 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-07 00:24 <DIR> d-------- C:\Program Files\HIJT
2006-12-06 20:11 <DIR> d-------- C:\Program Files\Easy Video Splitter
2006-12-06 19:57 0 --a------ C:\WINDOWS\system32\taskkill.exe
2006-12-06 19:57 0 --a------ C:\WINDOWS\b.exe
2006-12-06 00:50 79,360 --a------ C:\WINDOWS\system32\lfeps13s.dll
2006-12-06 00:50 74,752 --a------ C:\WINDOWS\system32\lfgif13s.dll
2006-12-06 00:50 466,624 --a------ C:\WINDOWS\system32\LTRPR13n.DLL
2006-12-06 00:50 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2006-12-06 00:50 194,248 --a------ C:\WINDOWS\system32\LTRFD13n.DLL
2006-12-06 00:50 185,856 --a------ C:\WINDOWS\system32\lfpng13s.dll
2006-12-06 00:49 930,992 --------- C:\WINDOWS\system32\Ltr13n.dll
2006-12-06 00:49 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll
2006-12-06 00:49 80,896 --------- C:\WINDOWS\system32\lfwmf13s.dll
2006-12-06 00:49 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2006-12-06 00:49 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2006-12-06 00:49 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2006-12-06 00:49 70,144 --------- C:\WINDOWS\system32\lfbmp13s.dll
2006-12-06 00:49 65,536 --------- C:\WINDOWS\system32\lfpcx13s.dll
2006-12-06 00:49 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2006-12-06 00:49 64,512 --------- C:\WINDOWS\system32\lftga13s.dll
2006-12-06 00:49 59,904 --------- C:\WINDOWS\system32\lfpcd13s.dll
2006-12-06 00:49 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2006-12-06 00:49 409,600 --------- C:\WINDOWS\system32\LFCMP13s.DLL
2006-12-06 00:49 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2006-12-06 00:49 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2006-12-06 00:49 306,352 --------- C:\WINDOWS\system32\Ltrio13n.dll
2006-12-06 00:49 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2006-12-06 00:49 283,648 --------- C:\WINDOWS\system32\LFJ2K13s.dll
2006-12-06 00:49 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2006-12-06 00:49 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2006-12-06 00:49 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2006-12-06 00:49 2,079,232 --------- C:\WINDOWS\system32\LTCLR13s.dll
2006-12-06 00:49 167,936 --------- C:\WINDOWS\system32\lftif13s.dll
2006-12-06 00:49 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2006-12-06 00:49 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2006-12-06 00:49 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2006-12-06 00:49 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
2006-12-06 00:49 12,288 --------- C:\WINDOWS\system32\LMLRes.dll
2006-12-06 00:49 116,224 --------- C:\WINDOWS\system32\lffax13s.dll
2006-12-06 00:49 110,080 --------- C:\WINDOWS\system32\lfpsd13s.dll
2006-12-06 00:49 105,984 --------- C:\WINDOWS\system32\lfpct13s.dll
2006-12-06 00:49 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2006-12-06 00:49 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll
2006-12-06 00:47 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2006-12-06 00:47 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
2006-12-06 00:47 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2006-12-06 00:47 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2006-12-06 00:47 <DIR> d-------- C:\WINDOWS\Cache
2006-12-06 00:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2006-12-06 00:41 <DIR> d-------- C:\Program Files\SmartSound Software
2006-12-06 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2006-12-06 00:40 95 --a------ C:\AUTOEXEC.BAT
2006-12-06 00:40 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2006-12-06 00:39 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2006-12-06 00:39 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2006-12-06 00:39 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2006-12-06 00:39 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2006-12-06 00:39 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2006-12-06 00:38 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2006-12-06 00:38 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2006-12-06 00:37 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2006-12-06 00:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-12-06 00:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2006-12-06 00:35 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2006-12-06 00:35 <DIR> d-------- C:\Program Files\Pinnacle
2006-12-06 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2006-12-06 00:21 <DIR> d-------- C:\Program Files\IsoBuster
2006-11-19 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-16 20:24 61,440 --a------ C:\WINDOWS\system32\AVSReub.exe
2006-11-16 20:24 32,768 --a------ C:\WINDOWS\system32\AVSTabla.dll
2006-11-16 20:24 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-11-16 20:24 139,331 --a------ C:\WINDOWS\system32\AVS.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-07 01:54 -------- d-------- C:\Program Files\WinRAR
2006-12-07 01:54 -------- d-------- C:\Program Files\Spybot
2006-12-07 01:54 -------- d-------- C:\Program Files\Shareaza
2006-12-07 01:45 -------- d-------- C:\Program Files\Internet Explorer
2006-12-07 01:42 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-12-07 01:42 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-12-07 00:53 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-06 22:16 -------- d-------- C:\Documents and Settings\Edoardo\Application Data\Skype
2006-12-06 20:27 -------- d-------- C:\Program Files\Image-Line
2006-12-06 00:49 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-06 00:39 -------- d-------- C:\Program Files\DivX
2006-12-05 23:07 -------- d-------- C:\Program Files\Soulseek
2006-12-05 11:53 -------- d-------- C:\Documents and Settings\Edoardo\Application Data\Adobe
2006-12-04 19:22 -------- d-------- C:\Program Files\NetMeeting
2006-12-03 16:28 -------- d-------- C:\Program Files\Java
2006-12-02 16:52 -------- d-------- C:\Program Files\VoipBuster
2006-12-02 14:56 -------- d-------- C:\Program Files\Logitech
2006-11-13 19:26 -------- d---s---- C:\Documents and Settings\Edoardo\Application Data\Microsoft
2006-11-12 23:07 -------- d-------- C:\Documents and Settings\Edoardo\Application Data\Macromedia
2006-11-12 23:05 -------- d-------- C:\Program Files\Macromedia
2006-11-09 20:40 -------- d-------- C:\Program Files\Common Files
2006-11-08 23:40 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-11-05 00:19 -------- d-------- C:\Program Files\EphPod
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 14:22 -------- d-------- C:\Program Files\VstPlugins
2006-11-02 01:21 -------- d-------- C:\Program Files\Lavasoft
2006-11-02 01:21 -------- d-------- C:\Documents and Settings\Edoardo\Application Data\Lavasoft
2006-11-01 20:53 -------- d-------- C:\Program Files\Media Tagger
2006-11-01 16:37 -------- d-------- C:\Documents and Settings\Edoardo\Application Data\HP
2006-11-01 16:37 -------- d-------- C:\Documents and Settings\Edoardo\Application Data\CyberLink
2006-10-31 13:03 -------- d-------- C:\Program Files\ArtisanDVDPlayer
2006-10-31 12:53 -------- d-------- C:\Program Files\Winamp
2006-10-24 12:39 -------- d-------- C:\Documents and Settings\Edoardo\Application Data\AdobeUM
2006-10-15 00:13 -------- d-------- C:\Program Files\XviD
2006-10-14 20:35 76632 --a------ C:\Documents and Settings\Edoardo\Application Data\GDIPFONTCACHEV1.DAT
2006-10-13 13:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-08 21:48 -------- d-------- C:\Documents and Settings\Edoardo\Application Data\Real
2006-10-08 21:47 -------- d-------- C:\Program Files\Real
2006-10-08 21:47 -------- d-------- C:\Program Files\Common Files\xing shared
2006-10-08 21:47 -------- d-------- C:\Program Files\Common Files\Real
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-09 13:49 0 -rahs---- C:\MSDOS.SYS
2006-09-09 13:49 0 -rahs---- C:\IO.SYS


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65,\
74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63,\
68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74,\
61,72,74,00
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-07 2:27:31.76
C:\ComboFix.txt ... 06-12-07 02:27



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:15:04 07/12/2006

+ Scan result:



HKU\S-1-5-21-1282134651-2784717666-3098042486-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1282134651-2784717666-3098042486-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BF5B8FC-11CB-409F-8C91-4D4CA04A1B6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029880.exe -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0048127.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0048159.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0048199.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0049207.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0049234.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0049256.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029864.dll -> Downloader.Zlob.ahr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029865.exe -> Downloader.Zlob.ahr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029815.exe -> Downloader.Zlob.auc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029837.exe -> Downloader.Zlob.auc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029871.exe -> Downloader.Zlob.auc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029872.exe -> Downloader.Zlob.auc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029814.dll -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029816.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029836.dll -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029840.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029866.dll -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029867.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029868.exe -> Downloader.Zlob.aue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0047886.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0047888.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0048184.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0049263.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0049265.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP51\A0029857.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.247:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.36:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.37:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.464:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Edoardo\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Edoardo\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.96:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.97:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.79:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.23:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.24:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Edoardo\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.359:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.360:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.361:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.362:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.363:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.412:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.413:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.414:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.415:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.379:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.416:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.417:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.418:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.419:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.239:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.26:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Planetactive : Cleaned.
:mozilla.27:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.28:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.29:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.30:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.258:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.259:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.260:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.261:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.115:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.116:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.117:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.118:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.285:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.286:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.287:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.288:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.289:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.72:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.82:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.83:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.84:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.85:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.87:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.89:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.90:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.91:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.92:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.93:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.370:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.371:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.385:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.386:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.387:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.388:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.389:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.390:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.391:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.392:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.393:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.394:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.395:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.396:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.397:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.398:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.300:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.301:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.302:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.309:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.310:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.330:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.347:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.351:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.352:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.353:C:\Documents and Settings\Edoardo\Application Data\Mozilla\Firefox\Profiles\du3627rk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP71\A0045883.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP89\A0049264.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 09:18:06, on 07/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alias\Maya6.5\docs\wrapper.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alias\Maya6.5\docs\jre\bin\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HIJT\HiJKThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96485D7D-C8A8-48A5-B15D-EE8AA54F5195}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Maya 6.5 Documentation Server (maya65docserver) - Unknown owner - C:\Program Files\Alias\Maya6.5\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya6.5\docs\Wrapper.conf (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

#4
MFDnSC

How are things now??

Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam

#5
aqes23

OK, I did that, things seem to be OK. The two strange folders in my shareaza/downloads folder are still there though... should I simply shift-delete them? One is called 'shared' and is empty, the other is called '_' and it contained a file called something like 'xzxzxzxzxz.exe', but I see that since I turned off System Restore and turned it back on it is gone. Simply shift-delete those empty folders?

#6
MFDnSC

I would, and I'd also get rid of Shareaza and any other P2P programs.