Options
Trojan horse clicker.6.v
:bawling:
Help me please!
On the web there is no solutions to remove the trojan horse clicker.6.v from my pc!!!!
This is an old trojan but my computer is affected since a few days and the internet connection fails after just 2 minutes. The system is quite slow and the mouse click often doesn't work.
The trojan has been found by the AVG free edition, it removes the files but I think it is in the boot sector because even if I have cleaned the registry and deleted all the suspect files, when the system restarts and I connect to internet, the trojan appears again.
Now I'm writing from the office.
The problem is very very urgent!
Give me an idea to remove it from my pc!
Help me please!
On the web there is no solutions to remove the trojan horse clicker.6.v from my pc!!!!
This is an old trojan but my computer is affected since a few days and the internet connection fails after just 2 minutes. The system is quite slow and the mouse click often doesn't work.
The trojan has been found by the AVG free edition, it removes the files but I think it is in the boot sector because even if I have cleaned the registry and deleted all the suspect files, when the system restarts and I connect to internet, the trojan appears again.
Now I'm writing from the office.
The problem is very very urgent!
Give me an idea to remove it from my pc!
0
Comments
Don't worry too much. We will try and get this sorted for you
Can you do the following please to download HijackThis:
Create a new folder in your C: and name it HJT
Download the latest version from HERE
Save and unzip HJT to your new folder
Open HJT and click the Do a system scan and save a logfile button
Post the entire contents from Notepad here
==
If you could provide the info from AVG, that would be helpful too
The internet connection fails in a few minutes so he is not so sure to be able to download the tool.
Let us know if you have any problems
Thanks in advance for you precious help!!
Logfile of HijackThis v1.99.1
Scan saved at 17.16.09, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\WINDOWS\system32\msDc0m.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MSconfig.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\windows\winsysban3.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Sonique\sqstart.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Philips\LightFrame 3\LightFrameV3.exe
C:\WINDOWS\system32\wuauclt.exe
A:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrame3IECOM.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [Service] msDc0m.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [MSconfig] MSconfig.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\RunServices: [Service] msDc0m.exe
O4 - HKLM\..\RunServices: [MSconfig] MSconfig.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Sonique\sqstart.exe -nostick
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LightFrame 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\dyrpsetu.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\ijrnonce.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\ADHPRXY.DLL
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\wphext.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\bpowsewm.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
I also suggest you print a copy of these instructions as you'll have no internet connection later on.
Step 1
Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. With HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.
Also move the "Backups" folder, for HiJackThis, if present.
Do not continue until this is done
Step 2
Download CWShredder from here.
Do NOT run a scan yet
Step 3
Download Ewido Security Suite
(the status bar at the bottom will display "Update successful")
Step 4
Go into Safe Mode - explained here
Step 5
We need to View Hidden Files and Folders
Step 6
Open CWShredder and click the FIX button. Close ALL browsers first.
Step 7
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\WINDOWS\system32\msDc0m.exe
C:\windows\winsysban3.exe
c:\windows\myupdates.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain
Step 8
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [Service] msDc0m.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\RunServices: [Service] msDc0m.exe
- Close ALL open windows
Click Fix Checked
Step 9
Find and Delete the following - Don't be concerned if not all are found:
C:\WINDOWS\system32\msDc0m.exe << this file
C:\windows\winsysupd3.exe << this file
c:\windows\myupdates.exe << this file
Step 10
Please run Ewido (Do not use the computer while Ewido is scanning as it may interrupt the scan)
- Click on scanner
- Click Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
Close EwidoStep 11
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
I have finally done all the steps of your previous post.
I had some problems to do them because for example, I told you the internet connection crashed after few minutes, so the ewido tool was not able to connect to the server to update the database, but I found a way to download the latest version with the updated database.
Here is the ewido report:
ewido anti-malware -
Rapporto Scansione
+
Creato il: 22.54.01, 01/02/2006 + Report-Checksum: C76C3062 + Risultati
scansione: C:\Documents and Settings\Ezio\Cookies\ezio@atdmt[1].txt ->
Spyware.Cookie.Atdmt : Pulito con Backup C:\Documents and
Settings\Ezio\Impostazioni locali\Temporary Internet
Files\Content.IE5\41ELGTQR\drsmartload[1].exe -> Downloader.Adload.j : Pulito
con Backup C:\Documents and Settings\Ezio\Impostazioni locali\Temporary Internet
Files\Content.IE5\41ELGTQR\winsysban3[1].exe -> Hijacker.VB.kc : Pulito con
Backup C:\Documents and Settings\Ezio\Impostazioni locali\Temporary Internet
Files\Content.IE5\41ELGTQR\winsysupd3[1].exe -> Hijacker.StartPage.ahg : Pulito
con Backup C:\Documents and Settings\Ezio\Impostazioni locali\Temporary Internet
Files\Content.IE5\GZIJ2LMN\drsmartload423a[1].exe -> Downloader.Adload.j :
Pulito con Backup C:\Documents and Settings\Ezio\Impostazioni locali\Temporary
Internet Files\Content.IE5\GZIJ2LMN\myupdates[1].exe -> Downloader.Adload.l :
Pulito con Backup C:\Documents and Settings\Proprietario\Impostazioni
locali\Temporary Internet Files\Content.IE5\07WPKPU7\drsmartload46a[1].exe ->
Downloader.Adload.j : Pulito con Backup C:\Documents and
Settings\Proprietario\Impostazioni locali\Temporary Internet
Files\Content.IE5\8JUBIPON\test[1].exe -> Spyware.Hijacker.Generic : Pulito con
Backup C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary
Internet Files\Content.IE5\FYZ912LD\test[1].exe -> Spyware.Hijacker.Generic :
Pulito con Backup C:\Documents and Settings\Proprietario\Impostazioni
locali\Temporary Internet Files\Content.IE5\FYZ912LD\winsysupd4[1].exe ->
Hijacker.StartPage.ahg : Pulito con Backup C:\Documents and
Settings\Proprietario\Impostazioni locali\Temporary Internet
Files\Content.IE5\O5MHCNIT\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy :
Pulito con Backup C:\Documents and Settings\Proprietario\Impostazioni
locali\Temporary Internet Files\Content.IE5\O5MHCNIT\winsysban4[1].exe ->
Hijacker.VB.kc : Pulito con Backup C:\Installer.exe -> Spyware.Look2Me : Pulito
con Backup C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Pulito con Backup
C:\os.exe -> Spyware.Hijacker.Generic : Pulito con Backup
C:\RECYCLER\S-1-5-21-2978310418-2753810611-484958275-500\Dc1.exe ->
Backdoor.Rbot.aeu : Pulito con Backup C:\WINDOWS\myupdates.exe ->
Downloader.Adload.l : Pulito con Backup C:\WINDOWS\system32\ADHPRXY.DLL ->
Spyware.Look2Me : Pulito con Backup C:\WINDOWS\system32\bpowsewm.dll ->
Spyware.Look2Me : Pulito con Backup C:\WINDOWS\system32\dyrpsetu.dll ->
Spyware.Look2Me : Pulito con Backup C:\WINDOWS\system32\ijrnonce.dll ->
Spyware.Look2Me : Pulito con Backup C:\WINDOWS\system32\wphext.dll ->
Spyware.Look2Me : Pulito con Backup C:\WINDOWS\winsysban3.exe -> Hijacker.VB.kc
: Pulito con Backup C:\WINDOWS\winsysban4.exe -> Hijacker.VB.kc : Pulito con
Backup C:\WINDOWS\winsysupd2.exe -> Hijacker.StartPage.ahg : Pulito con Backup
C:\WINDOWS\winsysupd3.exe -> Hijacker.StartPage.ahg : Pulito con Backup
C:\WINDOWS\winsysupd4.exe -> Hijacker.StartPage.ahg : Pulito con Backup ::Fine
Rapporto
and following the hijackthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 22.58.46, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Sonique\sqstart.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Philips\LightFrame 3\LightFrameV3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrame3IECOM.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Sonique\sqstart.exe -nostick
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LightFrame 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\dyrpsetu.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\ijrnonce.dll (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\ADHPRXY.DLL (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\wphext.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\bpowsewm.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
Thanks for your patience!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
when running HijackThis and I can see in the new log and they still exist!!!
=====
Can you do the following please:
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\dyrpsetu.dll (file missing)
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\ijrnonce.dll (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\ADHPRXY.DLL (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\wphext.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\bpowsewm.dll (file missing)
- Close ALL open windows
Click Fix Checked
=====
Do you recognise this file?
C:\\gimmygames.exe
If not, then can you go here and in the box provided, paste the following. press SUBMIT. Save a copy of the results.
=====
Reboot and post a new HJT log and the results from the scan
in the meantime I'll be able to do what you wrote in the latest post, I'm very grateful for your help, it is very precious! Great!
Could I ask for a suggestion about a free software to install in addition to avg to protect my pc from the trojans attacks?
So you have AVG as an Anti-Virus - Great!
Do you have a Firewall?
Those two are the most important security programs to have.
Also get the following Anti-Spyware programs, if you havn't already got them.
Ad-Aware SE Personal
SpyBot Search & Destroy 1.4
SpywareBlaster 3.5.1
All are Free and available HERE. Keeping them updated, with regular scans should help you stay clean of spyware.
You can also download Microsoft Anti-Spyware.
Hope that helps and let me know when you have done steps in my previous post
A further information: do I have to install all of these or can I install only one of them?
Microsoft Anti-Spyware is optional.
Like I said, it is highly recommended that everyone has those three programs nowadays.
here is the log file you required. I have also deleted the c:\\gimmygames.exe because the tool you indicated to me said that the file have some trojans, so I have deleted it.
I hope the system is not yet infected. Let me know as soon as possible.
Bye,
Marisa
Logfile of HijackThis v1.99.1
Scan saved at 19.14.57, on 06/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\winsysban5.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Philips\LightFrame 3\LightFrameV3.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrame3IECOM.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LightFrame 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\ucbui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
Go to Add/Remove programs in Control Panel and look for the following
TheSearchAccelerator
If found, please uninstall.
==========
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\gimmygames.exe
C:\winsysban5.exe
C:\windows\winsysupd5.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain
=========
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmi\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\ucbui.dll
- Close ALL open windows
Click Fix Checked
==========
View hidden files and folders – explained here
==========
Find and Delete the following, if found:
C:\Programmi\TheSearchAccelerator << this folder
C:\gimmygames.exe << this file
C:\winsysban5.exe << this file
C:\windows\winsysupd5.exe << this file
C:\WINDOWS\system32\ucbui.dll << this file
==========
Reboot and post a new HJT log
Do you recognise this IP address?
212.216.112.112,212.216.172.62
here is the last HijackThis log.
Unfortunately I don't know the Ip address you ask for, what can I do to understand if this ip address is harmful?
the log has still the "http://searchbar.findthewebsiteyouneed.com" entries!!!!
marisa
Logfile of HijackThis v1.99.1
Scan saved at 14.52.29, on 07/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Sonique\sqstart.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Philips\LightFrame 3\LightFrameV3.exe
C:\WINDOWS\system32\ntvdm.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrame3IECOM.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BackupNotify] c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Sonique\sqstart.exe -nostick
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LightFrame 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B817C7E-B6D8-4C5A-9CB4-DB9FF719FFFA}: NameServer = 85.37.17.49 85.38.28.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
Can you do the following please:
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
- Close ALL open windows
Click Fix Checked
==========
Open CWShredder and hit the *Fix* button
=====
Reboot your computer and post a new HJT log
Can you do this please:
Go to Start > Run > type cmd, press OK. In the window that opens, please type in ipconfig. Post back here, what is listed.
finally I'm able to do the reply.
following you can find the hijackthis.log
Logfile of HijackThis v1.99.1
Scan saved at 20.16.59, on 16/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Philips\LightFrame 3\LightFrameV3.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrame3IECOM.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmi\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LightFrame 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{03E74CB5-714C-4598-A5ED-F9AC488A0B60}: NameServer = 212.216.112.112,212.216.172.62
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
and the ipconfig command result:
Scheda Ethernet Connessione alla rete locale (LAN):
Stato supporto . . . . . . . . . . . : Supporto disconnesso
Scheda Ethernet Connessione alla rete locale (LAN) 2:
Stato supporto . . . . . . . . . . . : Supporto disconnesso
Scheda PPP Trust MD3100 USB ADSL MODEM:
Suffisso DNS specifico per connessione:
Indirizzo IP. . . . . . . . . . . . . : 87.3.79.89
Subnet mask . . . . . . . . . . . . . : 255.255.255.255
Gateway predefinito . . . . . . . . . : 87.3.79.89
moreover the ip config quite strange you try in the log, reffers to the net adapter installed as internet connection, I find this information in registry machine.
For some time the problem seems to be solved but suddenly AVG shows the following error messages:
myupdates[1].exe trojan horse downloader.generic.QQK
drsmartload423a[1].exe trojan horse downloader.generic.QTF
gimmygames[1].exe trojan horse download.vb.DM
Please help me to solve definitively the problem!
C:\drsmartload423a[1].exe
C:\gimmygames[1].exe
They should be located on your C:. If you can't see them, then make sure you can view hidden files and folders
Reboot and post a new log please
Can you tell me the name of your ISP?