Logfile of HijackThis v1.99.1 Scan saved at 1:44:57 PM, on 8/7/2007 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI WIRELESS NETWORK MONITOR\WMP54GV4.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMA32.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSMB32.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FCH32.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSHTTPS\FSHTTPS.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\BACKWEB\3528733\PROGRAM\FSBWSYS.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSQH.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FAMEH32.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSGK32.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSRW.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FWES\PROGRAM\FSDFWD.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPC.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSSM32.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-VIRUS\FSAV32.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE C:\WINDOWS\SYSTEM\LVCOMS.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\FSM32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ISPNEWS.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\BACKWEB\3528733\PROGRAM\FSPEX.EXE C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSGUIDLL.EXE C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-SPYWARE\FSAW.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\HJT\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\SYSTEM\LVCOMS.EXE O4 - HKLM\..\Run: [F-Secure Manager] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSGUI\ispnews.exe" O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Common\FSMA32.EXE O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet O4 - HKCU\..\RunServices: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background O4 - HKCU\..\RunServices: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk572YYUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O8 - Extra context menu item: &Block this popup - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\Anti-Spyware\blockpopups.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPCMSIE.DLL O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPCMSIE.DLL O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\FSPC\FSPCMSIE.DLL O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-SPYWARE\IESHIELD.DLL O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\ANTI-SPYWARE\IESHIELD.DLL O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab I have virus that I cant get rid of... Someone help! Thanks
Download and Run ComboFix *Download this file from either of the two below listed places : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe *Then double click combofix.exe & follow the prompts. *When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
