Hi Excal
Ok - it looks good now... here is the log. what do ya think??
Logfile of HijackThis v1.99.1
Scan saved at 1:56:06 PM, on 8/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
F:\WINDOWS\System32\CTSvcCDA.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
F:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
F:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
F:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
F:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
F:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
F:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
F:\Program Files\Creative\ShareDLL\MediaDet.Exe
F:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
F:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
F:\Program Files\InterAct\Gaming Devices\JoyAct.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\jonathan\Desktop\HIJACK THIS\HijackThis.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\System32\taskmgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - F:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Disc Detector] F:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [richup] F:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [News Service] "F:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [FSA] F:\WINDOWS\FSA.exe
O4 - HKLM\..\Run: [F-Secure TNB] "F:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "F:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "F:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - Startup: InterAct Profile Activator.lnk = F:\Program Files\InterAct\Gaming Devices\JoyAct.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - F:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{603F88AB-B73F-46DE-BA7C-066D39462CA6}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - F:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - F:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - F:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - F:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE