Logfile of HijackThis v1.99.0
Scan saved at 18.25.59, on 19/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAMMI\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IBMMON.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\EUSEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAMMI\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAMMI\GFI\FAXMAKER CLIENT\FMCLMAN.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\Programmi\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
https://telematicoprova.agenziadogane.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 128.0.0.201:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\HOTBAR2.DLL
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\HOTBAR2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Ibmmon.exe] Ibmmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [ICH Synth] eusexe.exe
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [Hotbar] rundll32.exe C:\WINDOWS\DOWNLO~1\HOTBAR2.DLL,Install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programmi\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - Startup: Norton System Doctor.lnk = C:\Programmi\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: FAX manager.lnk = C:\Programmi\GFI\FAXmaker Client\fmclman.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = bssped
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.1.2.1,151.99.125.2