TechSpot

Problem with Popups - HijackThis log attached

By RobertChevalier
Dec 29, 2004
  1. I've managed to fix a couple problems with their computer, but I can't manage to find the root of a bunch of suspicious files/processes/keys.. the root of the popups. I think I'm in over my head. Any help?

    -edit: this didn't capture some suspicious Processes.. I think they took a while to start up. Something like Qmq35rq and Fx1hdx1 (give or take.. Windows Startup Online didn't have any info on them, found no registry entries, no files by those names..)
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Reboot in Safe Mode

    Kill these running processes first with Task Manager, if you can:
    C:\PROGRAM FILES\SED\SED.EXE
    C:\WINDOWS\SYSTEM\VSK4.EXE
    hgpkyi.exe (don't know where this is)
    C:\WINDOWS\SYSTEM\ms.exe
    C:\WINDOWS\WUOVYG.EXE
    C:\WINDOWS\SYSTEM\KALVKDJ32.EXE
    C:\WINDOWS\APPLICATION DATA\BETT.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\FHO1HDX1.EXE
    C:\WINDOWS\SYSTEM\KRXH5.EXE

    With NO other programs open, run HJT and let it FIX:
    C:\WINDOWS\WUOVYG.EXE
    C:\WINDOWS\SYSTEM\KALVKDJ32.EXE
    C:\WINDOWS\APPLICATION DATA\BETT.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\FHO1HDX1.EXE
    C:\WINDOWS\SYSTEM\KRXH5.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
    R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL (file missing)
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
    O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVKDJ32.EXE
    O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE"
    O4 - HKLM\..\Run: [3K5S4H33Z6SDA8] C:\WINDOWS\SYSTEM\VSK4.EXE
    O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\wuovyg.exe
    O4 - HKCU\..\Run: [Noha] C:\WINDOWS\Application Data\bett.exe
    O4 - Startup: hgpkyi.exe
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...0e686da2c52a:eba71fc54f16cc5285c47c437eb9360a
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

    When done, delete the crap, whatever is left:
    C:\WINDOWS\SYSTEM\VSK4.EXE
    hgpkyi.exe (don't know where this is)
    C:\WINDOWS\SYSTEM\ms.exe
    C:\WINDOWS\WUOVYG.EXE
    C:\WINDOWS\SYSTEM\KALVKDJ32.EXE
    C:\WINDOWS\APPLICATION DATA\BETT.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\FHO1HDX1.EXE
    C:\WINDOWS\SYSTEM\KRXH5.EXE
    C:\WINDOWS\EliteToolBar (anything in this DIR including the DIR itself)
    C:\PROGRAM FILES\SED (anything in this DIR including the DIR itself)
    C:\PROGRAM FILES\EBATES_MOEMONEYMAKER (anything in this DIR including the DIR itself)

    Finally, go to my thread: http://www.techspot.com/vb/topic18355.html
    and substitute xfire_lsp_8742.dll with aklsp.dll
     
Topic Status:
Not open for further replies.
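Added example, not part of the original posts: a short Python check that parses HijackThis entries like those in the fix list above, groups the O1 hosts-file redirections by IP, and reports which files named by the entries are not covered by the delete list. The function names are illustrative assumptions; the sample lines and cleanup targets are a subset copied from the post.

```python
import re
from collections import defaultdict

# Entries copied from the fix list in the post above (subset).
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE"
O4 - HKCU\..\Run: [Noha] C:\WINDOWS\Application Data\bett.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
"""

# Cleanup targets from the post's delete list (subset); the last two are directories.
CLEANUP = [r"C:\WINDOWS\APPLICATION DATA\BETT.EXE",
           r"C:\WINDOWS\EliteToolBar", r"C:\PROGRAM FILES\SED"]

ENTRY = re.compile(r"^\s*([RO]\d+) - (.*)$")
PATH = re.compile(r"[a-z]:\\[^\"<>|*?]*?\.(?:exe|dll|ocx)", re.I)

def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def hosts_redirects(entries):
    """Map each IP in O1 (hosts file) entries to the hostnames pointed at it."""
    by_ip = defaultdict(list)
    for code, body in entries:
        if code == "O1" and body.startswith("Hosts:"):
            ip, host = body.split()[1:3]
            by_ip[ip].append(host)
    return dict(by_ip)

def referenced_files(entries):
    """Lower-cased file paths named by any entry (paths compare case-insensitively)."""
    return {p.lower() for _, body in entries for p in PATH.findall(body)}

def uncovered(files, cleanup):
    """Files that no cleanup target covers, either exactly or as a parent directory."""
    targets = [t.lower() for t in cleanup]
    return sorted(f for f in files
                  if not any(f == t or f.startswith(t + "\\") for t in targets))
```

On this sample, `uncovered(referenced_files(parse_entries(SAMPLE_LOG)), CLEANUP)` returns `tbextn.dll` and `aklsp.dll`: the first appears in the fix list but not the delete list, and the second is the Winsock LSP file that the post handles through the linked thread rather than by direct deletion.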

