Question: slow loading times on Win XP Home from fresh install
I have just reinstalled the computer, and now it is taking forever to load up, and I periodically lose internet. I have done virus scans and have come up with some stuff but got rid of them. Same with spyware.
Here is my HijackThis log; I hope this is what you need to help me with. I have looked at other answers on these forums, but though some worked partially, none of them solved the problem. Oh, and I'm getting the general Win32 error that is common with the Sasser virus, but I don't have it on my system...
StartupList report, 12/12/2005, 3:26:19 PM
StartupList version: 1.52.2
Started from : D:\Documents and Settings\Owner\My Documents\My Received Files\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
D:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
D:\WINDOWS\system32\txwyrnbske.EXE
C:\Program Files\USB Storage RW\udsi.exe
D:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\Owner\My Documents\My Received Files\hijackthis\HijackThis.exe
D:\WINDOWS\System32\svchost.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[D:\Documents and Settings\Owner\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[D:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
KBD = C:\HP\KBD\KBD.EXE
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
F-Secure Manager = "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
F-Secure TNB = "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
F-Secure Startup Wizard = "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Share-to-Web Namespace Daemon = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
PS2 = C:\WINDOWS\system32\ps2.exe
News Service = "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
NAV CfgWiz = c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
MICROSFT ANTIVIRUS UPDATE SUPPORT = txwyrnbske.EXE
KYE_UDSI = "C:\Program Files\USB Storage RW\udsi.exe
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
GlobalSCAPE = tffcdua.exe
ccRegVfy = "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
CamMonitor = c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
BCNT = C:\PROGRA~1\AWS\WEATHE~1\BCNT.EXE
AlcxMonitor = ALCXMNTR.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
GlobalSCAPE = tffcdua.exe
MICROSFT ANTIVIRUS UPDATE SUPPORT = txwyrnbske.EXE
Network Virtual Daemon = ntvdmn.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
NVIEW = rundll32.exe nview.dll,nViewLoadHook
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from D:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
D:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
D:\WINDOWS\Explorer\Explorer.exe: not present
D:\WINDOWS\System\Explorer.exe: not present
D:\WINDOWS\System32\Explorer.exe: not present
D:\WINDOWS\Command\Explorer.exe: not present
D:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in D:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\WINDOWS\System32\gebcd.dll - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Scheduled scanning task.job
--------------------------------------------------
Enumerating Download Program Files:
[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134287973281
[Housecall ActiveX 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = D:\WINDOWS\system32\Macromed\Flash\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: D:\WINDOWS\System32\mswsock.dll
NameSpace #2: D:\WINDOWS\System32\winrnr.dll
NameSpace #3: D:\WINDOWS\System32\mswsock.dll
Protocol #1: winsflt.dll (file MISSING)
Protocol #2: winsflt.dll (file MISSING)
Protocol #3: winsflt.dll (file MISSING)
Protocol #4: winsflt.dll (file MISSING)
Protocol #5: winsflt.dll (file MISSING)
Protocol #6: D:\WINDOWS\system32\mswsock.dll
Protocol #7: D:\WINDOWS\system32\mswsock.dll
Protocol #8: D:\WINDOWS\system32\mswsock.dll
Protocol #9: D:\WINDOWS\system32\rsvpsp.dll
Protocol #10: D:\WINDOWS\system32\rsvpsp.dll
Protocol #11: D:\WINDOWS\system32\mswsock.dll
Protocol #12: D:\WINDOWS\system32\mswsock.dll
Protocol #13: D:\WINDOWS\system32\mswsock.dll
Protocol #14: D:\WINDOWS\system32\mswsock.dll
Protocol #15: D:\WINDOWS\system32\mswsock.dll
Protocol #16: D:\WINDOWS\system32\mswsock.dll
Protocol #17: D:\WINDOWS\system32\mswsock.dll
Protocol #18: D:\WINDOWS\system32\mswsock.dll
Protocol #19: D:\WINDOWS\system32\mswsock.dll
Protocol #20: D:\WINDOWS\system32\mswsock.dll
Protocol #21: D:\WINDOWS\system32\mswsock.dll
Protocol #22: D:\WINDOWS\system32\mswsock.dll
Protocol #23: winsflt.dll (file MISSING)
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Shaw Secure: C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
F-Secure File System Filter: \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys (autostart)
F-Secure Gatekeeper: \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSgk.sys (autostart)
FSGKHS: "C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe" (autostart)
F-Secure File System Recognizer: \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys (autostart)
fasttx2k: System32\DRIVERS\fasttx2k.sys (system)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
fsbwsys: "C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe" (autostart)
F-Secure Anti-Virus Firewall Daemon: "C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe" (manual start)
F-Secure Firewall Driver: System32\drivers\fsdfw.sys (system)
F-Secure HTTP Server: "C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe" (manual start)
F-Secure Management Agent: "C:\Program Files\Shaw Secure\Common\FSMA32.EXE" (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Lucent Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
Pcdr Helper Driver: \??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
PS2: System32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Logitech QuickCam Express: System32\DRIVERS\OVCD.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtnicxp.sys (manual start)
Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver: system32\DRIVERS\R8139n51.SYS (manual start)
S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Service Hosts: "C:\WINDOWS\shost.exe" (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: System32\DRIVERS\sisgrp.sys (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{3E638203-9A6E-493D-B94E-E207BFC163BC} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: D:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel(R) Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel(R) Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)
------------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
------------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
CDBurn: D:\WINDOWS\system32\SHELL32.dll
WebCheck: D:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
------------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
------------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
------------------------------------------------------
End of report, 35,988 bytes
Report generated in 0.453 seconds
And here is the log file.
Logfile of HijackThis v1.99.1
Scan saved at 3:51:33 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
D:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Owner\My Documents\My Received Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wtfcomics.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\System32\gebcd.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] txwyrnbske.EXE
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [GlobalSCAPE] tffcdua.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [BCNT] C:\PROGRA~1\AWS\WEATHE~1\BCNT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\RunServices: [GlobalSCAPE] tffcdua.exe
O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] txwyrnbske.EXE
O4 - HKLM\..\RunServices: [Network Virtual Daemon] ntvdmn.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134287973281
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gebcd - C:\WINDOWS\System32\gebcd.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
D:\WINDOWS\system32\txwyrnbske.EXE <--------------- worries me. It loads with Windows; I can't find any information on the file anywhere on the net, no virus or spyware detectors find anything wrong with it, and when I tried to find the actual file I could not.
Any suggestions or help would be greatly helpful. Thanks in advance.
Answer : slow loading times on win xp home from fresh install
Here is your analyzed log
http://hijackthis.de/logfiles/0b4f363c74f459d68497a926695f7254.html
You have Vundo adware. Please download vundofix.exe to your desktop.
http://www.atribune.org/downloads/VundoFix.exe
Double-click vundofix.exe to extract the files
This will create a vundofix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the vundofix folder and doubleclick on KillVundo.bat
You will first be presented with a warning and a list of forums to seek help at.
it should look like this
quote: vundofix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk
At this point press enter one time.
Next you will see:
quote: Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!)
C:\WINDOWS\System32\gebcd.*
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
quote:Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\dcbeg.*
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
The fix will run then HijackThis will open.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\System32\gebcd.dll
O4 - HKLM\..\RunServices: [Network Virtual Daemon] ntvdmn.exe
O20 - Winlogon Notify: gebcd - C:\WINDOWS\System32\gebcd.dll
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
Once your machine reboots please continue with the instructions below.
Download and install CleanUp!
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
http://www.pandasoftware.com/products/activescan.htm
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
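The answer above picks four entries out of a log of well over a hundred lines by eye. The script below is an added example, not part of the original post, of HijackThis or of VundoFix: it re-applies the same triage rules to the log lines posted above so the reasoning is explicit. It flags O4 autorun values that are bare file names (txwyrnbske.EXE, tffcdua.exe, ntvdmn.exe, and ALCXMNTR.EXE, which is a bare name too and should simply be verified), a BHO or Winlogon Notify DLL dropped straight into System32 under a name not on a small allow-list, a service whose binary is missing (shost.exe), and the O10 broken-LSP line that explains the dropped connections. The reversed-name companion rule (gebcd -> dcbeg) is taken from the two paths the VundoFix step types in. The allow-list of stock Winlogon Notify packages is an assumption a triager would maintain, and the sample log is a subset of the lines posted above.

```python
"""Triage of HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Assumption: Winlogon\Notify packages a triager trusts on a stock XP SP2 box,
# plus Intel's igfxcui seen in the log above. Extend for other vendor drivers.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui"}

# Constructed sample: a subset of the HijackThis lines posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\System32\gebcd.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] txwyrnbske.EXE
O4 - HKLM\..\Run: [GlobalSCAPE] tffcdua.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\RunServices: [Network Virtual Daemon] ntvdmn.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O20 - Winlogon Notify: gebcd - C:\WINDOWS\System32\gebcd.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
"""

@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line was flagged
    detail: str    # the path or value that triggered it

LINE_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
O4_RE = re.compile(r"(HKLM|HKCU)\\\.\.\\(Run\w*):\s+\[([^\]]*)\]\s*(.*)$")
O2_RE = re.compile(r"BHO:\s+(.*?)\s+-\s+\{[^}]+\}\s+-\s+(.*)$")
O20_RE = re.compile(r"Winlogon Notify:\s+(\S+)\s+-\s+(.*)$")

def parse(log: str):
    """Yield (section, body) for each entry line; ignore anything else."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def autorun_target(value: str) -> str:
    """The file an O4 value actually loads; for rundll32 that is the DLL argument."""
    parts = value.strip().replace('"', "").split()
    if not parts:
        return ""
    if parts[0].lower().endswith("rundll32.exe") and len(parts) > 1:
        return parts[1].split(",")[0]
    return parts[0]

def is_bare_name(target: str) -> bool:
    """A bare name has no drive or directory, so it is resolved via the PATH search."""
    return bool(target) and "\\" not in target and ":" not in target

def reversed_companion(dll_path: str) -> str:
    """Vundo pairs each DLL with a reversed-stem twin: gebcd.dll -> dcbeg."""
    stem = dll_path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return stem[::-1]

def triage(log: str) -> list:
    """Apply the four heuristics and return the flagged entries."""
    findings = []
    for section, body in parse(log):
        if section == "O4":
            m = O4_RE.match(body)
            if m and is_bare_name(autorun_target(m.group(4))):
                findings.append(Finding("O4", "bare file name in autorun value; verify where it resolves",
                                        f"{m.group(2)} [{m.group(3)}] -> {autorun_target(m.group(4))}"))
        elif section == "O2":
            m = O2_RE.match(body)
            if m and "\\system32\\" in m.group(2).lower():
                findings.append(Finding("O2", "BHO loaded from System32 rather than a product directory", m.group(2)))
        elif section == "O20":
            m = O20_RE.match(body)
            if m and m.group(1).lower() not in KNOWN_NOTIFY:
                findings.append(Finding("O20", f"unknown Winlogon Notify package; also remove companion {reversed_companion(m.group(2))}.*",
                                        m.group(2)))
        elif section == "O23" and "(file missing)" in body:
            findings.append(Finding("O23", "service registered but its binary is missing", body))
        elif section == "O10":
            findings.append(Finding("O10", "broken Winsock LSP chain; accounts for the intermittent loss of connectivity", body))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.detail}")
```

Run against the sample it reports the same four items the answer tells the poster to fix, plus ALCXMNTR.EXE as a verify-only hit, the O10 line, and the shost.exe service. The O10 line is the one most relevant to the "periodically lose internet" symptom: a Winsock LSP whose DLL has been removed leaves every socket call passing through a broken chain until the catalogue is repaired.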