Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Saturday 6.9.2025 / 11:36
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my log please help!!!
Show topics
 
Forums
Forums
my Log Please Help!!!
  Jump to:
 
Posted Message
ForKids
Junior Member
_ 		7. August 2007 @ 09:41 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 1:44:57 PM, on 8/7/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI WIRELESS NETWORK MONITOR\WMP54GV4.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMA32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMB32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FCH32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSHTTPS\FSHTTPS.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\BACKWEB\3528733\PROGRAM\FSBWSYS.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSQH.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FAMEH32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSRW.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FWES\PROGRAM\FSDFWD.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPC.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSSM32.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSAV32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ISPNEWS.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\BACKWEB\3528733\PROGRAM\FSPEX.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSGUIDLL.EXE
C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-SPYWARE\FSAW.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\SYSTEM\LVCOMS.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Common\FSMA32.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
O4 - HKCU\..\RunServices: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\RunServices: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZNxmk572YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Block this popup - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Anti-Spyware\blockpopups.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPCMSIE.DLL
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPCMSIE.DLL
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPCMSIE.DLL
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-SPYWARE\IESHIELD.DLL
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-SPYWARE\IESHIELD.DLL
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab


I have virus that I cant get rid of... Someone help! Thanks
[ + quote]
Thanks Vikki
Auttaja
Suspended permanently
_ 		8. August 2007 @ 11:45 _ Link to this message    Send private message to this user   
Download and Run ComboFix
*Download this file from either of the two below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

*Then double click combofix.exe & follow the prompts.
*When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
[ + quote]
Don´t send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)Hijackthis login lähettämisohjeet (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For exampe MSG+ is there. Another list
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my log please help!!!
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork