***
An analysis of your HJT log shows the following problems :
We couldn't detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall.
Platform: Windows XP SP2 (WinNT 5.01.2600)A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.
MSIE: Internet Explorer v7.00 (7.00.5730.0013)IE8 has been out for many months and is more secure than IE7.
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)Unnecessary (deactivated) entry that can be fixed.
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)Unnecessary (deactivated) entry that can be fixed.
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cabCheck if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed.
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC412536-8230-4658-B7C4-30228A848A82}: NameServer = 192.172.1.1,202.56.215.54Do you know the IP or Domain '192.172.1.1,202.56.215.54'? If not, fix this entry.
This is probably your ISP but you should check it to be sure.
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\This is a fake Windows Update AutoUpdate Service and should be fixed.
Items listed as 023 are listings of non-Microsoft services. The list should be the same as the one you see in the Msconfig utility of Windows XP. Several trojan hijackers use a homemade service in adittion to other startups to reinstall themselves. The full name is usually important-sounding, like 'Network Security Service', 'Workstation Logon Service' or 'Remote Procedure Call Helper' or, as in this case, Windows Update AutoUpdate Service.
http://www.threatexpert.com/files/wuauserv.dll.htmlOverview of running tasks : smss.exe
System task
Session Manager Subsystem
winlogon.exe
System task
Microsoft Windows Logon Process
services.exe
System task
Windows Service Controller
lsass.exe
System task
Local Security Authority Service
svchost.exe
System task
Microsoft Service Host Process
svchost.exe
System task
Microsoft Service Host Process
aswUpdSv.exe
Virusscan
Avast Anti-Virus Component
ashServ.exe
Virusscan
Avast
Explorer.EXE
System task
Microsoft Windows Explorer
igfxtray.exe
Application
Intel Graphics configuration and diagnostic application
hkcmd.exe
Application
Intel multimedia devices
igfxpers.exe
Driver
Intel Common User Interface Module
SOUNDMAN.EXE
Backgroundtask
Realtek Avance Logic Inc
igfxsrvc.exe
Driver
Intel(R) Common User Interface
ashDisp.exe
Virusscan
Avast AntiVirus
jusched.exe
Backgroundtask
Sun Java Update Scheduler
realsched.exe
Application
RealNetworks Scheduler
flockbox.exe
Unknown task This security software from FSPro Labs allows you to password protect any folder on your computer.
Unknown task
http://www.pcpitstop.com/libraries/process/i/flockbox.exe.htmlDAP.EXE
Backgroundtask
Download Accelerator Plus from Speedbit.
ctfmon.exe
System task
Alternative User Input Services
spoolsv.exe
System task
Microsoft Printer Spooler Service
ashMaiSv.exe
Virusscan
Avast Anti-Virus Component
ashWebSv.exe
Virusscan
avast! Web Scanner
iexplore.exe
Application
Microsoft Internet Explorer
svchost.exe
System task
Microsoft Service Host Process
svchost.exe
System task
Microsoft Service Host Process
svchost.exe
System task
Microsoft Service Host Process
svchost.exe
System task
Microsoft Service Host Process
svchost.exe
System task
Microsoft Service Host Process
svchost.exe
System task
Microsoft Service Host Process
jucheck.exe
Backgroundtask
Sun Java UpdateChecker Module
HijackThis.exe
Application
Merijn Hijackthis
***
