Logfile of HijackThis v1.98.0
Scan saved at 10.34.24, on 09/08/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammiSygateSPFsmc.exe
C:WINDOWSExplorer.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:ProgrammiAVPersonalAVGNT.EXE
C:ProgrammiIPMAdslDataWaydslstat.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32dslagent.exe
C:\WINDOWS\System32\rundll32.exe
C:\documents and settings\administrator\impostazioni locali\temp\fsg_4104.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:ProgrammiAVPersonalAVGUARD.EXE
C:ProgrammiRamboosterRambooster.exe
C:ProgrammiAVPersonalAVWUPSRV.EXE
C:WINDOWSsystem32cisvc.exe
C:ProgrammiFile comuniEPSONEBAPISAgent2.exe
C:ProgrammieMuleemule.exe
C:WINDOWSsystem32cidaemon.exe
C:Documents and SettingsAdministratorDesktopHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.it/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = iexplore
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Collegamenti
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:ProgrammiMyWaymyBar2.binMYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammiAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet4_85.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: C:WINDOWSlbbho.dll - {74E590C5-9CB2-410F-BAD0-C9E0CA7B310A} - C:WINDOWSlbbho.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:WINDOWSwsem216.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:PROGRA~1STARDO~1SDIEInt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:ProgrammiMyWaymyBar2.binMYBAR.DLL
O4 - HKLM..Run: [CloneCDElbyCDFL] "C:ProgrammiCloneCDElbyCheck.exe" /L ElbyCDFL
O4 - HKLM..Run: [EPSON Stylus C62 Series (Copia 1)] C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE /P33 "EPSON Stylus C62 Series (Copia 1)" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM..Run: [EPSON Stylus C62 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM..Run: [winregsrv] C:WINDOWSSystem32winregsrv.exe
O4 - HKLM..Run: [Rundil] C:WindowsSystemRundil.exe
O4 - HKLM..Run: [AVGCtrl] "C:ProgrammiAVPersonalAVGNT.EXE" /min
O4 - HKLM..Run: [DSLSTATEXE] C:ProgrammiIPMAdslDataWaydslstat.exe icon
O4 - HKLM..Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM..Run: [avserve2.exe] C:WINDOWSavserve2.exe
O4 - HKLM..Run: [SmcService] C:PROGRA~1SygateSPFsmc.exe -startgui
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NewDotNet\newdotnet4_85.dll,NewDotNetStartup
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\administrator\impostazioni locali\temp\fsg_4104.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKCU..Run: [RamBooster] C:ProgrammiRamboosterRambooster.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Download with &DAP - C:PROGRA~1DAPdapextie.htm
O8 - Extra context menu item: Download with Star Downloader - C:ProgrammiStar Downloadersdie.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammiMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammiMessengerMSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mid: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .wav: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffer ... 9tlch5.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... cracks.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... owdown.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-opt ... tiDist.CAB
O17 - HKLMSystemCCSServicesTcpip..{AF3A893B-BC0C-4182-B28F-483E59D1BE12}: NameServer = 81.74.225.227 151.99.125.1
O18 - Filter: text/html - {9C1494BE-173E-44B5-B38B-59E6637F04F5} - C:WINDOWSSystem32klgecda.dll
O18 - Filter: text/plain - {9C1494BE-173E-44B5-B38B-59E6637F04F5} - C:WINDOWSSystem32klgecda.dll