Kit Sober
Thanks.
(not running in safe mode) I deleted some of the x-marked, but it's worse. It put a bunch of desktop items (casinos, etc.) on desktop, and even popups in AOL.
I don't know where hijackthis.exe is. I just run it off start/run button.
I can search for it and move it to where it should be.
This is the latest log.
Logfile of HijackThis v1.98.1
Scan saved at 3:52:37 PM, on 8/14/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCPFW.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMPROXY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\RXMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\PLAYLIST.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCGUIDE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMOAGENT.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLTRAY.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOLWBSPD.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GHAJ0LQV\HIJACKTHIS[1]\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\KIKFAD.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\KIKFAD.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\KIKFAD.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\KIKFAD.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\KIKFAD.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\KIKFAD.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {64818568-29E0-487B-8355-352595A9919A} - C:\WINDOWS\SYSTEM\KIKFAD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B5D34A35-A97F-6C37-FD39-2B97861C1350} - C:PROGRAM FILESFAST THEAXIS PLATFORM.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Type readme] C:\PROGRA~1\THUNKD~1\Tonsmemo.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM..Run: [bEND PROGRAM PHONE ACTIVE] C:WINDOWSAll UsersApplication DataDale dash bend programfunk bind.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O4 - HKCU\..\Run: [spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE" /Q
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//tv/main.chm::/load.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Filter: text/html - {8CD6C1A8-8B76-4270-8D6B-1B3F867D6157} - C:\WINDOWS\SYSTEM\KIKFAD.DLL
O18 - Filter: text/plain - {8CD6C1A8-8B76-4270-8D6B-1B3F867D6157} - C:\WINDOWS\SYSTEM\KIKFAD.DLL
Thanks.