Logfile of HijackThis v1.99.1
Scan saved at 5:50:40 AM, on 8/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
F:\WINDOWS\System32\CTSvcCDA.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
F:\WINDOWS\Explorer.exe
F:\WINDOWS\System32\RunDll32.exe
F:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
F:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
F:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\InterAct\Gaming Devices\JoyAct.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
F:\Program Files\Creative\ShareDLL\MediaDet.Exe
F:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
F:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
F:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
F:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
F:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\mspaint.exe
F:\Program Files\TrojanHunter 4.2\TrojanHunter.exe
F:\Documents and Settings\jonathan\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://F:\DOCUME~1\jonathan\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rockstarg....com/sanandreas
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = w
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = v
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = b
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3EB3423F-A020-40A8-9259-12B9CAD3ABD0} - F:\WINDOWS\System32\ggmh.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - F:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - F:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [FSA] F:\WINDOWS\FSA.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Disc Detector] F:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] F:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "F:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [richup] F:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [Dinst] F:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gedatg] F:\WINDOWS\System32\hrkvbey.exe r
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: InterAct Profile Activator.lnk = F:\Program Files\InterAct\Gaming Devices\JoyAct.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySweeper.exe
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - F:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE