Logfile of HijackThis v1.99.1
Scan saved at 11.50.28, on 24/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\Compaq\EAB\EabServr.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\jkkif.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\xxyxw.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File
comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\programmi\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet
Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton
Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security
Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader residente.lnk = C:\Programmi\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download
Express\Add_Url.htm
O8 - Extra context menu item: Si&milar Pages -
res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} - http://www.snapfish....ishUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
http://messenger.msn...pdownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
https://www-secure.s.../ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} - http://www29.compaq....co/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E527EABA-DA8B-4064-8F46-34AFDE33CF74}: NameServer =
192.168.1.2
O20 - Winlogon Notify: jkkif - C:\WINDOWS\SYSTEM32\jkkif.dll
O20 - Winlogon Notify: xxyxw - C:\WINDOWS\System32\xxyxw.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File
comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File
comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File
comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File
comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer
Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet
Security\ISSVC.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation -
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File
comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec
Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SYS MANAGER (system) - Unknown owner - C:\WINDOWS\SYSWIN32.EXE (file missing)
PS: why do I have 2 svchost.exe? I run Process Explorer and turns out there are more than 2 *scraches head* I'm coping process explorer log too...just in case
Process PID CPU Description Company Name
System Idle Process 0 70.87
Interrupts n/a 1.94 Hardware Interrupts
DPCs n/a 11.65 Deferred Procedure Calls
System 4 0.97
smss.exe 660 Windows NT Session Manager Microsoft Corporation
csrss.exe 708 Client Server Runtime Process Microsoft Corporation
winlogon.exe 732 Applicazione Accesso a Windows NT Microsoft Corporation
services.exe 776 1.94 Applicazione Servizi e Controller Microsoft Corporation
svchost.exe 964 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1000 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1088 Generic Host Process for Win32 Services Microsoft Corporation
CCPROXY.EXE 1148 Symantec Network Proxy Service Symantec Corporation
CCSETMGR.EXE 1228 Symantec Settings Manager Service Symantec Corporation
ISSVC.exe 1240 IS Service Symantec Corporation
SNDSrvc.exe 1572 Network Driver Service Symantec Corporation
SPBBCSvc.exe 1920 SPBBC Service Symantec Corporation
CCEVTMGR.EXE 684 Symantec Event Manager Service Symantec Corporation
spoolsv.exe 200 Spooler SubSystem App Microsoft Corporation
svchost.exe 288 Generic Host Process for Win32 Services Microsoft Corporation
alg.exe 1284 Application Layer Gateway Service Microsoft Corporation
ati2evxx.exe 1316
CDAC11BA.EXE 1476 Macrovision RTS Service Macrovision
CDANTSRV.EXE 1696 C-Dilla RTS Service C-Dilla Ltd
CPQDFWAG.EXE 1732 Compaq Diagnostics Application Compaq Computer Corporation
CTSVCCDA.EXE 904 Creative Service for CDROM Access Creative Technology Ltd
freepopsservice.exe 108
freepopsd.exe 176
NAVAPSVC.EXE 472 Norton AntiVirus Auto-Protect Service Symantec Corporation
svchost.exe 2204 Generic Host Process for Win32 Services Microsoft Corporation
symlcsvc.exe 2244 Symantec Core Component Symantec Corporation
fxssvc.exe 2628 Servizio Fax Microsoft Corporation
lsass.exe 788 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1016 Esplora risorse Microsoft Corporation
atiptaxx.exe 1704 ATI Desktop Control Panel ATI Technologies, Inc.
SynTPLpr.exe 1728 TouchPad Driver Helper Application Synaptics, Inc.
SynTPEnh.exe 1756 0.97 Synaptics TouchPad Enhancements Synaptics, Inc.
Directcd.exe 1844 DirectCD Application Roxio
eabservr.exe 2016 eabsrvr Compaq
CCAPP.EXE 276 Symantec User Session Symantec Corporation
TeaTimer.exe 792 0.97 System settings protector Safer Networking Limited
ctfmon.exe 1988 CTF Loader Microsoft Corporation
Plauto.exe 1544 Watcher for Photo Loader CASIO COMPUTER CO.,LTD.
notepad.exe 3132 Blocco note Microsoft Corporation
notepad.exe 2372 Blocco note Microsoft Corporation
firefox.exe 3436 Firefox Mozilla
procexp.exe 3428 15.53 Sysinternals Process Explorer Sysinternals
Process: Procexp Pid: -2
Type Name