Logfile of HijackThis v1.99.1
Scan saved at 5:58:47 PM, on 6/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
E:\CharterAntiVirusFireWall\Common\FSM32.EXE
E:\MicrosoftAntispyware\gcasServ.exe
E:\qttask.exe
E:\quicktunes\iTunesHelper.exe
E:\IVT BlueSoleil\BlueSoleil.exe
E:\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
E:\CharterAntiVirusFireWall\Anti-Virus\fsgk32st.exe
E:\Common\Bin\WinCinemaMgr.exe
E:\CharterAntiVirusFireWall\backweb\3528733\Program\fspex.exe
E:\CharterAntiVirusFireWall\Anti-Virus\FSGK32.EXE
E:\Program Files\WinZip\WZQKPICK.EXE
E:\CharterAntiVirusFireWall\backweb\3528733\program\fsbwsys.exe
C:\WINDOWS\system32\wfxsnt40.exe
E:\CharterAntiVirusFireWall\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
E:\CharterAntiVirusFireWall\Common\FSMB32.EXE
E:\CharterAntiVirusFireWall\Anti-Virus\fssm32.exe
E:\CharterAntiVirusFireWall\Common\FCH32.EXE
E:\WINFAX\wfxctl32.exe
E:\CharterAntiVirusFireWall\Common\FAMEH32.EXE
E:\CharterAntiVirusFireWall\FSPC\fspc.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\CharterAntiVirusFireWall\FWES\Program\fsdfwd.exe
E:\CharterAntiVirusFireWall\Anti-Virus\fsav32.exe
E:\CharterAntiVirusFireWall\FSGUI\fsguiexe.exe
E:\WINFAX\WFXMOD32.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp53DC.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft RPC Module] WINrpc32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AOL 9.0 Optimized] AOLCLIENT.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [hutdowns] C:\WINDOWS\System32\hutdowns.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevjd32.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\CharterAntiVirusFireWall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\CharterAntiVirusFireWall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\CharterAntiVirusFireWall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "E:\CharterAntiVirusFireWall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [gcasServ] "E:\MicrosoftAntispyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\quicktunes\iTunesHelper.exe
O4 - HKLM\..\RunServices: [Microsoft RPC Module] WINrpc32.exe
O4 - HKCU\..\Run: [ver] C:\WINDOWS\System32\ver.exe
O4 - HKCU\..\Run: [YB23RffEg] C:\Program Files\asdfe57\SPBS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: WinFax Application Port Starter.lnk = C:\WINDOWS\system32\wfxsnt40.exe
O4 - Startup: WinFax PRO Controller.lnk = E:\WINFAX\wfxctl32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe7\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - E:\CharterAntiVirusFireWall\FSPC\fspcmsie.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\Hello by Picasa\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\Hello by Picasa\Hello\PicasaCapture.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...llsize_bed.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak06.picture...US.9.1.6.18.cab
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - E:\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\CharterAntiVirusFireWall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\CharterAntiVirusFireWall\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\CharterAntiVirusFireWall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - E:\CharterAntiVirusFireWall\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\CharterAntiVirusFireWall\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe