please help!!!! 1on1/hot kiss dialer

Discussion in 'adware, spyware & hijack cleaning' started by puttney11, May 26, 2004.

Thread Status:
Not open for further replies.
  1. puttney11

    puttney11 Registered Member

    Joined:
    May 26, 2004
    Posts:
    2
    hi,

    sorry to bother you but I seem to have been hijacked by the 1on1/ hot kiss dialler. i have tried lots of things to get rid of it like spykiller,spybot and Ad Aware and although they all claim to have solved the problem it keeps coming back again and again. If you anyone can please help me with this I would be very grateful. Im fairly bad with computers so if you could make it simple I would appreciate it lots. I downloaded HijackThis and here is the log:

    Logfile of HijackThis v1.97.7
    Scan saved at 22:55:00, on 26/05/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\BROWSE.EXE
    C:\WINDOWS\1ON1.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\AOL 7.0A\AOLTRAY.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\AOL 7.0A\WAOL.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [httpd] C:\WINDOWS\browse.exe /i
    O4 - HKLM\..\Run: [1on1] C:\WINDOWS\1on1.exe -n
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi puttney11,

    Have only HijackThis running and fix :

    O4 - HKLM\..\Run: [httpd] C:\WINDOWS\browse.exe /i
    O4 - HKLM\..\Run: [1on1] C:\WINDOWS\1on1.exe -n

    Restart PC afterdoing so in Safe Mode : Here's How and remove :

    C:\WINDOWS\browse.exe <- this file
    C:\WINDOWS\1on1.exe <- this file

    Clean temp internet files

    Restart again in normal mode

    Update win and IE at windowsupdate.com

    Hope this helps

    Cheers,
     
  3. puttney11

    puttney11 Registered Member

    Joined:
    May 26, 2004
    Posts:
    2
    hi,

    well i did what you said and most of it seemed to work except after restarting my pc is safemode i couldnt find the browse.exe file. Im also having trouble updating windows and IE. That said, i havent been hijacked for the last 3/4 hours since I tried to follow your instructions. Thanks so much for your help!!! Looks like you solved the problem :) . thank you again for taking the time to help!!!

    Puttney11
     
Thread Status:
Not open for further replies.