could not open "C:\Programmi\Internet Eplorer\IEXPLORE.EXE"

Hi Cekko,

Are you sure about that path? The \Programmi\ bit in it makes me think of a
malware (run Adaware and Spybot) or a poorly coded program.

Kind regards

Hans
 
Hi Hans, I've winxpsp2 ita, and the folder "programmi" is regular :)


Logfile of HijackThis v1.99.1
Scan saved at 12.26.01, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\stsystra.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\ESET\nod32kui.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Documents and Settings\IO\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tgsoft.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 192.168.55.253:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
O4 - HKLM\..\Run: [SideWinderTrayV4]
C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON
Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Programmi\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk =
C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Invia a periferica &Bluetooth... -
C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth
Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth
Software\btsendto_ie.htm
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2F7AC6FD-A576-4C40-895A-46EB847EFA93}:
NameServer = 88.149.128.12
O17 -
HKLM\System\CCS\Services\Tcpip\..\{BF7DC427-7587-401F-85E6-F0F9F9CBE60D}:
NameServer = 88.149.128.12,151.99.125.2
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. -
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset -
C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas
www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R)
Corporation - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
 
Hans Le Roy said:
Hi Cekko,

Are you sure about that path? The \Programmi\ bit in it makes me think of a
malware (run Adaware and Spybot) or a poorly coded program.

Kind regards

Hans

Adding to Hans Le Roy's advice, try this:

Right-click the icon on your Desktop, select Properties from the list and
make sure these settings are correct:
Click on the Shortcut tab:
Target: [ "C:\Programmi\Internet Explorer\IEXPLORE.EXE" ]

Start in: [%HOMEDRIVE%%HOMEPATH% ]

Shortcut key: [ None ]
Run: [ Normal Window ][v]

Comment: [ Finds and displays information and web sites...
Click [OK] after making sure these settings are correct and hit F5 to refresh.

I noticed in your HijackThis log that you are using a proxy. Are you?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 192.168.55.253:8080

Also, you have an IP address which looks outside the range of 192.168.55.253,
if that is your router IP address in the proxy and not a bad entry from an intruder?
HKLM\System\CCS\Services\Tcpip\..\{2F7AC6FD-A576-4C40-895A-46EB847EFA93}:
NameServer = 88.149.128.12
O17 -
HKLM\System\CCS\Services\Tcpip\..\{BF7DC427-7587-401F-85E6-F0F9F9CBE60D}:
NameServer = 88.149.128.12,151.99.125.2
The above is usually used by bad sites, but not always; you can assign in the
same range of IPs if you set your IPs to static!
I recommend running a virus scan online, if you can connect with either The
Fox or IE, to clean up, and also send the report to the Italian forum I linked
at the bottom of this message.
http://www.google.co.uk/search?hl=e...grammi\Internet+Explorer\IEXPLORE.EXE&spell=1
http://lists.debian.org/debian-italian/2004/11/msg00226.html
HijackThis Forum:
http://www.hijackthis.de/it

HTH.
nass
 
Hi Nass, the browser (the error message) doesn't work even if I run it directly in
the folder..... if I double-click on
C:\Programmi\Internet Eplorer\IEXPLORE.EXE the program doesn't work and the message
appears..
 
Cekko said:
Hi Nass, the browser (the error message) doesn't work even if I run it directly in
the folder..... if I double-click on
C:\Programmi\Internet Eplorer\IEXPLORE.EXE the program doesn't work and the message
appears..

Yes, it will not, because the pointer to the path is messed up and not
pointing to this path, or there is a space in the name?
You didn't answer the rest about these IPs: do they belong to you, or were they
assigned to you by your ISP?
Here is a link in Italian:
Reinstallazione o ripristino di Internet Explorer e Outlook Express in
Windows XP
http://support.microsoft.com/kb/318378/it

Here is the Italian newsgroup for IE; it is best if you mention IE6 or IE7 to
them:
http://www.microsoft.com/italy/comm...&cr=IT&r=61abe193-e593-42a8-906b-2a0fe914c430
HTH.
nass
 
Crossposted to microsoft.public.it.internet_explorer for better assistance.

SPOOLW.EXE is not a valid Windows file!

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.org
Logfile of HijackThis v1.99.1
Scan saved at 12.26.01, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
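
The check behind the `spoolw.exe` remark above, written out as an added example (it is not part of any post in this thread): parse the `O4` autorun lines of a HijackThis log and flag executables whose names closely resemble, but do not match, a genuine Windows binary such as `spoolsv.exe`. The allowlist `KNOWN_SYSTEM`, the 0.8 similarity threshold and the helper names are assumptions made for this illustration; the sample lines are the thread's log entries, unwrapped.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: O4 entries taken from the log in this thread, one per line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
"""

# Assumption: a short, illustrative allowlist of genuine Windows XP binaries.
KNOWN_SYSTEM = {"spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "ctfmon.exe", "rundll32.exe",
                "dllhost.exe"}

# Matches "O4 - HKxx\..\Run: [label] command line"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$", re.M)

def exe_name(command):
    """Return the lower-cased executable file name from an autorun command."""
    # Either a quoted path, or everything up to the first ".exe".
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    path = (m.group(1) or m.group(2)) if m else command
    return path.rsplit("\\", 1)[-1].lower()

def flag_lookalikes(log, threshold=0.8):
    """List (label, exe, nearest genuine name, score) for near-miss names."""
    findings = []
    for _hive, label, command in O4_RE.findall(log):
        name = exe_name(command)
        if name in KNOWN_SYSTEM:
            continue  # exact match on a genuine name: not a look-alike
        best = max(KNOWN_SYSTEM,
                   key=lambda k: SequenceMatcher(None, name, k).ratio())
        score = SequenceMatcher(None, name, best).ratio()
        if score >= threshold:
            findings.append((label, name, best, round(score, 2)))
    return findings

if __name__ == "__main__":
    for finding in flag_lookalikes(SAMPLE_LOG):
        print("look-alike autorun:", finding)
```

A hit is a triage lead rather than a verdict: the file still has to be checked (location, signature, scanner result) before anything is removed.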
 