my desktop is conquered by its website and keeps flashing white and grey in colour. a few days ago, actually, the situation was even worse. nothing appeared on my desktop after logging in. juz that i ran panda antivirus and spybot to eliminate some of the clicksearchclick malware. i wonder if it will go off again so better terminate clicksearchclick asap. any help would be greatly appreciated, thanks.
Logfile of HijackThis v1.99.1
Scan saved at 18:42:56, on 10/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Babylon\Babylon.exe
C:\WINDOWS\system32\Q9.EXE
C:\WINDOWS\system32\QTRAYIME.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
O2 - BHO: (no name) - {A4F08C33-F2D4-4E48-B016-6BDCD3508FD8} - C:\WINDOWS\System32\ldid.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_1633.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O18 - Filter: text/html - {85689524-0926-454E-BD99-342F56396849} - C:\WINDOWS\System32\ldid.dll
O18 - Filter: text/plain - {85689524-0926-454E-BD99-342F56396849} - C:\WINDOWS\System32\ldid.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - C:\KAV2005\KPfwSvc.EXE (file missing)
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: Windows Update Service (wuamgrd) - Unknown owner - C:\WINDOWS\System32\wuamgrd.exe (file missing)
Edited by carlos_el_criado, 10 June 2005 - 05:07 AM.