Hi,

Open NotePad, and copy the contents of the below "Quode" box:-
cd %windir%
attrib -s -r -h image.exe
del image.exe
Go to File Menu >Save As, and save the file with the name Test.bat and exit from NotePad.

Download Ewido and install it. Then run, you will receive a warning message saying "Database not found", click "OK" for this. Next in the main screen, click "Update" and click "Start Update". After the update process, exit from Ewido.

Download CCleaner and install it. Do not run it now.

Download Sysclean Pacakge , create a folder named Sysclean on Desktop, and put the downloaded file to that folder. Next download the pattern file for Windows OS (pattern file will have a name like lpt731.zip ) and extract the contents of the ZIP file to the same Sysclean folder.

Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose Safe Mode and press Enter.

Go to Start > Run and type services.msc and press ENTER. In the Services window that opens up, navigate to the service named WIN32 (image) and right-click it, and select "Properties".
In the Property window, click Stop in the "Service Status" option box. After this, in the "Startup" option box, select Disabled from the dropdown menu. Click "Apply" and then "OK".

Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe (file missing)

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

Double-Click on the file Test.bat, a small DOS type window should open and close immediately.

Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options.
Finally click "Run Cleaner" and click "OK" to continue cleaning.

Run Ewido, click on the "Scanner" button in the left menu, then click on the "Start" button.
If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.

Next, double-click on the sysclean.com file, and after few seconds, the Sysclean window appears. Here make sure that Automatically clean or delete infected files option is selected. Then click "Scan". After the scan is complete it gives a log, save the log file.

Reboot to normal mode, run HijackThis again, and post a fresh log along with Sysclean and Ewido logs.

Hi,
Log looks clean :) Is your Norton AntiVirus giving any alarms?

And, for the performance of the system, you can perform Disk Defragmenter. This is avaialble in Start > All Programs > Accessories > System Tools. Defrag all the hard disk partions.
Also, close not-so-important processes running in background, like WinZIP QuickPick. Right-click on the WinZip icon in System Tray, and click "Close and Remove" and click OK.

Hi,
Does your Modem give you "There is no dial tone" error? If yes, then you can make Modem not to wait for dialtone. Go to Start > Control Panel. Here click "Modems" (or "Phone And Modems") button. Here click "Properties," button and in General tab, uncheck the option "Wait for dial tone before dialling" and click "OK".

i have trojan.cachecachekit and i cant for the life of me figure out how to remove it , can i post my hijackthis log so someone can walk me though it ?

i have trojan.cachecachekit and i cant for the life of me figure out how to remove it , can i post my hijackthis log so someone can walk me though it ?

Hi tofadeisastart :),
Please start a new topic and post your log file in that topic. You can start a new topic by clicking the "New Thread" button present in the upper-left corner of this page .

hello i just recently got this trojan. i was using aol instant messenger and one of my friends had the trojan, and it automatically sent a message containing a link, asking to click the link and open a file, well stupid me totally forgot that it was an auto message and was not really my friend asking me to open a file, so i clicked the link, i opened it, ran it and everything, and before i knew it i had a trojan on my system. it was the cachecachekit trojan, or rdriv.sys, it changed file names frequently. my symantec corporate edition disovered the trojan and quarantined it over and over but the trojan kept repeating so finally i deleted all files of the trojan via symantec. now that i have done that, my symantec does not automatically pop up notifying me of a trojan, and whenever i complete a full scan of my system using symantec, it shows no viruses, trojans, etc. so im pretty sure the trojan is gone. the bad thing is that while it was still alive and running is it changed a lot of my settings:
-i cannot access any symantec webpage.
-it has turned my windows firewall off, and everything is grayed out so i am unable to turn it back on. it says that group policy is controlling these firewall settings.

i tried acessing group policy to change the firewall settings, i looked around and couldnt find anything. i dont know too much about computers and would greatly appreciated it if anyone could help me totally remove all of this junk and messed up settings, and get my computer back to normal with normal settings. email me or reply if you need any other information as to helping me out. please help, thanks.

Hi josh48315,
Download HijackThis and unzip it to dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and saves the log file as hijackthis.log in the same folder where it is installed and it also opens the file automatically.

Please start a new topic and post the complete HijackThis log file in that topic. You can start a new topic by clicking the "New Thread" button present in the upper-left corner of this page .

Hi josh48315,
Download HijackThis and unzip it to dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and saves the log file as hijackthis.log in the same folder where it is installed and it also opens the file automatically.

Please start a new topic and post the complete HijackThis log file in that topic. You can start a new topic by clicking the "New Thread" button present in the upper-left corner of this page .

ok you're telling me to do all of that, what is it i am doing? what will posting this do?

Hi,
HijackThis searches in some key areas of the System and Windows Registry and pulls out the information from it. By this way, the virus/spyware related files can be removed manually. BUT these key areas are used by both legitimate and bad software/files. So, do NOT remove any of the entries that HijackThis shows by yourself! Post the log file, so that we can take a look on it.

hijack this log file:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:30 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O1 - Hosts: 127.0.2.5 sarc.com
O1 - Hosts: 127.0.2.5 www.sarc.com
O1 - Hosts: 127.0.2.5 www.sophos.com
O1 - Hosts: 127.0.2.5 sophos.com
O1 - Hosts: 127.0.2.5 www.mcafee.com
O1 - Hosts: 127.0.2.5 mcafee.com
O1 - Hosts: 127.0.2.5 www.viruslist.com
O1 - Hosts: 127.0.2.5 viruslist.com
O1 - Hosts: 127.0.2.5 f-secure.com
O1 - Hosts: 127.0.2.5 www.f-secure.com
O1 - Hosts: 127.0.2.5 f-prot.com
O1 - Hosts: 127.0.2.5 www.f-prot.com
O1 - Hosts: 127.0.2.5 kaspersky.com
O1 - Hosts: 127.0.2.5 kaspersky-labs.com
O1 - Hosts: 127.0.2.5 www.avp.com
O1 - Hosts: 127.0.2.5 avp.com
O1 - Hosts: 127.0.2.5 www.kaspersky.com
O1 - Hosts: 127.0.2.5 www.networkassociates.com
O1 - Hosts: 127.0.2.5 networkassociates.com
O1 - Hosts: 127.0.2.5 www.ca.com
O1 - Hosts: 127.0.2.5 ca.com
O1 - Hosts: 127.0.2.5 mast.mcafee.com
O1 - Hosts: 127.0.2.5 my-etrust.com
O1 - Hosts: 127.0.2.5 www.my-etrust.com
O1 - Hosts: 127.0.2.5 download.mcafee.com
O1 - Hosts: 127.0.2.5 dispatch.mcafee.com
O1 - Hosts: 127.0.2.5 secure.nai.com
O1 - Hosts: 127.0.2.5 nai.com
O1 - Hosts: 127.0.2.5 www.nai.com
O1 - Hosts: 127.0.2.5 vil.nai.com
O1 - Hosts: 127.0.2.5 us.mcafee.com
O1 - Hosts: 127.0.2.5 rads.mcafee.com
O1 - Hosts: 127.0.2.5 trendmicro.com
O1 - Hosts: 127.0.2.5 www.trendmicro.com
O1 - Hosts: 127.0.2.5 housecall.trendmicro.com
O1 - Hosts: 127.0.2.5 pandasoftware.com
O1 - Hosts: 127.0.2.5 www.pandasoftware.com
O1 - Hosts: 127.0.2.5 www.trendmicro.com
O1 - Hosts: 127.0.2.5 free.grisoft.com
O1 - Hosts: 127.0.2.5 www.grisoft.com
O1 - Hosts: 127.0.2.5 grisoft.com
O1 - Hosts: 127.0.2.5 clamav.net
O1 - Hosts: 127.0.2.5 www.clamav.net
O1 - Hosts: 127.0.2.5 free-av.com
O1 - Hosts: 127.0.2.5 www.free-av.com
O1 - Hosts: 127.0.2.5 www.avast.com
O1 - Hosts: 127.0.2.5 avast.com
O1 - Hosts: 127.0.2.5 cert.org
O1 - Hosts: 127.0.2.5 www.cert.org
O1 - Hosts: 127.0.2.5 www.microsoft.com
O1 - Hosts: 127.0.2.5 microsoft.com
O1 - Hosts: 127.0.2.5 www.virustotal.com
O1 - Hosts: 127.0.2.5 virustotal.com
O1 - Hosts: 127.0.2.5 update.microsoft.com
O1 - Hosts: 127.0.2.5 windowsupdate.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...b?1125371179109
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DirectX Drivers - Unknown owner - C:\WINDOWS\D1rectX.exe (file missing)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

if you need any other information email or messare or reply, thanks a lot.

i read a really similar discussion in the web, with the same problem. Norton antivirus, and also Sophos, find it every second. I tryed to follow the instructions in the other forum, but there is again.

This is my hijackthis.log now

Logfile of HijackThis v1.99.1
Scan saved at 20.32.56, on 27/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
c:\Programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Programmi\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\HELPEX~1\SMARTB~1\MotiveSB.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Sophos\AutoUpdate\ALMon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\winsmc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Davide\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\HELPEX~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Programmi\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25d4449a8db01f22e105/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127828733062
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62958EE5-EB6B-4FE2-A7C8-48DF25167C12}: NameServer = 62.211.69.150 212.48.4.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MS Smc Service (MSsmc) - Unknown owner - C:\WINDOWS\winsmc.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Crea report sullo stato di Sophos Anti-Virus (SAVAdminService) - Sophos plc - c:\Programmi\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Programmi\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Programmi\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This is rdriv.txt

~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

this is ewido log

---------------------------------------------------------
ewido security suite - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 19.29.49, 27/09/2005
+ Report-Checksum: 836CD19D

+ Risultati scansione:

HKLM\SOFTWARE\Classes\GSDA.GSDACtl\CLSID\\ -> Spyware.GameSpyArcade : Pulito con Backup
HKLM\SOFTWARE\Classes\GSDA.GSDACtl.1\CLSID\\ -> Spyware.GameSpyArcade : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Pulito con Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@2o7[1].txt -> Spyware.Cookie.2o7 : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@atdmt[1].txt -> Spyware.Cookie.Atdmt : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@com[2].txt -> Spyware.Cookie.Com : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@e-2dj6wjkowldjoko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@e-2dj6wjnyojdjcko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@estat[1].txt -> Spyware.Cookie.Estat : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@fastclick[2].txt -> Spyware.Cookie.Fastclick : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@statcounter[1].txt -> Spyware.Cookie.Statcounter : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Pulito con Backup
C:\Documents and Settings\Davide\Cookies\davide@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Pulito con Backup
C:\Documents and Settings\Davide\Impostazioni locali\Temporary Internet Files\Content.IE5\SH0BKBS7\s_ta_ts[1].js -> TrojanDownloader.Inor.a : Pulito con Backup
C:\Documents and Settings\Davide\Impostazioni locali\Temporary Internet Files\Content.IE5\ZSGC9XNA\b[1].jar/Dummy.class -> Trojan.Byteverify : Pulito con Backup
C:\Documents and Settings\Emanuele\Cookies\emanuele@adtech[2].txt -> Spyware.Cookie.Adtech : Pulito con Backup
C:\Documents and Settings\Emanuele\Cookies\emanuele@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Pulito con Backup
C:\Documents and Settings\Emanuele\Cookies\emanuele@atdmt[2].txt -> Spyware.Cookie.Atdmt : Pulito con Backup
C:\Documents and Settings\Emanuele\Cookies\emanuele@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Pulito con Backup
C:\Documents and Settings\Emanuele\Cookies\emanuele@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Pulito con Backup
C:\Documents and Settings\Emanuele\Cookies\emanuele@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Pulito con Backup
C:\Documents and Settings\Emanuele\Cookies\emanuele@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Pulito con Backup
C:\Documents and Settings\Emanuele\Cookies\emanuele@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Pulito con Backup
C:\Documents and Settings\Emanuele\Impostazioni locali\Temporary Internet Files\Content.IE5\LLT2ZBDA\eied_s7_70[1].cab/eied_s7_c_70.exe -> TrojanDownloader.Mediket.ay : Pulito con Backup
C:\WINDOWS\Temp\tmp12B1.tmp -> Trojan.Rootkit.k : Pulito con Backup
C:\WINDOWS\Temp\tmp39.tmp -> Trojan.Rootkit.k : Pulito con Backup
C:\WINDOWS\Temp\tmp3F.tmp -> Trojan.Rootkit.k : Pulito con Backup

::Fine Rapporto

I'm still doing now panda on-line, and in the meanwhile, the window alert of the virus continue to appear

Hi phidias,
Please start your own topic and post the HijackThis log and (if possible) Panda ActiveScan log in that topic:) You can start a new topic by clicking the "New Thread" button present in the upper-left corner of this page --> http://www.daniweb.com/techtalkforums/forum64.html

Have you tried removing the W32.Spybot.NLX which is said to be the culprit? You may also follow the procedure in Trojan.Cachecachekit Removal .