Something is changing Internet Explorer's home page.
I read a former post about the topic, so I closed all the windows and ran Hijack This. This is the log:
Logfile of HijackThis v1.98.0
Scan saved at 14.22.19, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetm\services.exe
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\MSC~1.ADA\network\win32\lmgrd.exe
E:\Programmi\DS Clock\dsclock.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\MSC~1.ADA\network\win32\adamsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Intel\ASF Agent\ASFAgent.exe
C:\Programmi\Google\ggviewer81-96.exe
C:\Programmi\Microsoft Hardware\Mouse\POINT32.EXE
H:\testi\transit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchportal.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchportal.info
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.piaggio.com:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = piaggionet*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - e:\Programmi\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Programmi\Bouncer\LiveUpdate.exe 110
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Babylon Translator] C:\Programmi\Babylon\Babylon.exe
O4 - HKCU\..\Run: [DS Clock] "e:\Programmi\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetm\services.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Eudora.lnk = C:\Eudora\Eudora.exe
O4 - Startup: SpywareGuard.lnk = E:\programmi\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = piaggio.com
O17 - HKLM\Software\..\Telephony: DomainName = piaggio.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{12DB117D-8366-4D1A-B2A4-06052995D77B}: NameServer = 10.10.1.2,10.10.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = piaggio.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{12DB117D-8366-4D1A-B2A4-06052995D77B}: NameServer = 10.10.1.2,10.10.1.3
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = piaggio.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{12DB117D-8366-4D1A-B2A4-06052995D77B}: NameServer = 10.10.1.2,10.10.1.3
Can you please help me to solve the problem? Thank you very much.
Riccardo Testi
I read a former post about the topic, so I closed all the windows and ran Hijack This. This is the log:
Logfile of HijackThis v1.98.0
Scan saved at 14.22.19, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetm\services.exe
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\MSC~1.ADA\network\win32\lmgrd.exe
E:\Programmi\DS Clock\dsclock.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\MSC~1.ADA\network\win32\adamsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Intel\ASF Agent\ASFAgent.exe
C:\Programmi\Google\ggviewer81-96.exe
C:\Programmi\Microsoft Hardware\Mouse\POINT32.EXE
H:\testi\transit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchportal.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchportal.info
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.piaggio.com:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = piaggionet*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - e:\Programmi\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Bouncer RunStartup] C:\Programmi\Bouncer\LiveUpdate.exe 110
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Babylon Translator] C:\Programmi\Babylon\Babylon.exe
O4 - HKCU\..\Run: [DS Clock] "e:\Programmi\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetm\services.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Eudora.lnk = C:\Eudora\Eudora.exe
O4 - Startup: SpywareGuard.lnk = E:\programmi\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = piaggio.com
O17 - HKLM\Software\..\Telephony: DomainName = piaggio.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{12DB117D-8366-4D1A-B2A4-06052995D77B}: NameServer = 10.10.1.2,10.10.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = piaggio.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{12DB117D-8366-4D1A-B2A4-06052995D77B}: NameServer = 10.10.1.2,10.10.1.3
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = piaggio.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{12DB117D-8366-4D1A-B2A4-06052995D77B}: NameServer = 10.10.1.2,10.10.1.3
Can you please help me to solve the problem? Thank you very much.
Riccardo Testi