Logfile of HijackThis v1.98.2
Scan saved at 4:56:56 PM, on 4/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\NavNT\vptray.exe
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Ydvq\Pyywyd.exe
D:\Program Files\QuickTime\qttask.exe
D:\windows\system32\ngrkep.exe
D:\WINDOWS\system32\exp.exe
D:\WINDOWS\system32\wintask.exe
D:\Program Files\Media Access\MediaAccK.exe
D:\windows\system32\saie.exe
D:\WINDOWS\IEXPLOR.EXE
D:\Program Files\Media Access\MediaAccess.exe
D:\WINDOWS\system32\chkisn.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
D:\WINDOWS\zrdpktfo.exe
D:\WINDOWS\WinTask.exe
D:\WINDOWS\system\qdxcuo.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\wshprbda.exe
D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
D:\Program Files\NavNT\defwatch.exe
D:\windows\system32\packager.exe
D:\Program Files\NavNT\rtvscan.exe
D:\Program Files\UBizNames\MyKey\keyservice.exe
D:\Program Files\UBizNames\MyKey\keyalive.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\MsgSys.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\Algis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (D:\Documents and Settings\Algis\Application Data\Mozilla\Profiles\default\3y2cvua3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\Algis\Application Data\Mozilla\Profiles\default\3y2cvua3.slt\prefs.js)
O2 - BHO: (no name) - {C18517DA-CA70-46CE-86F4-882F6B62E975} - D:\PROGRA~1\UBIZNA~1\MyKey\bms.dll
O3 - Toolbar: ¸¶ÀÌÅ°¿öµå(&K) - {46D387E9-41FC-4F71-A7C3-B0BEB3568F00} - D:\PROGRA~1\UBIZNA~1\MyKey\keyband.dll
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] D:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Mqjehc] C:\Program Files\Ydvq\Pyywyd.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Desktop Search] D:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] D:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [farmmext] D:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ngrkep] d:\windows\system32\ngrkep.exe
O4 - HKLM\..\Run: [PaciSoft] D:\WINDOWS\system32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] D:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] D:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [saie] d:\windows\system32\saie.exe
O4 - HKLM\..\Run: [D:\WINDOWS\IEXPLOR.EXE] D:\WINDOWS\IEXPLOR.EXE
O4 - HKLM\..\Run: [AtxBrw] D:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [7FoX33l] chkisn.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "D:\DOCUME~1\Algis\LOCALS~1\Temp\~compoundinst0\auto_update_loader.exe" /HideUninstall /HideDir /PC=CP.SAV /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [pze] D:\Program Files\prpo\ishxpb.exe
O4 - HKLM\..\Run: [winrest] D:\WINDOWS\system32\drivers\user\clsnum.exe
O4 - HKLM\..\Run: [KeyAgent] D:\Program Files\UBizNames\MyKey\keylaunch.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [hzmfzpwrxrtysdeutseva] D:\WINDOWS\zrdpktfo.exe
O4 - HKLM\..\Run: [D:\WINDOWS\WinTask.exe] D:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [PopMark] D:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [ctmpsd] D:\WINDOWS\ctmpsd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Mo77RTJ2S] wshprbda.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/a1bin02.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106511023205
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0007.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {FFFFFFFF-3C18-4A7E-A29D-E24F84B79BF1} - http://64.7.220.98/downloads/pi1_20.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - D:\WINDOWS\isrvs\mfiltis.dll

Hi Nanosani. Thank you for your reply.
Alright, I downloaded LSPFix, removed aklsp.dll, and went ahead and fixed the 3 items from HijackThis.
How do I proceed now?
Thank you!

Hi Crunchie,
I followed the procedure you sent me, but I get stuck in the part where I start the KAV full system scan on the computer in safe mode. The scanning process begins, but after 10 or 15 seconds, I get a window that says

Kaspersky Antivirus Service has encountered a problem and needs to close. We are sorry for the inconvenience.

As soon as I closed, I rebooted the computer into Safe Mode again following the instructions given, including stopping the explorer.exe process as indicated, and when I start the full scan again, I get yet again the same window as I mentioned above. Do you have any suggestions as to what may be the problem? What should I do next?
Thanks for your help. I know we'll get to the bottom of this!

Not sure what the problem may be. Maybe you can do the scan in normal mode and see how it goes. I do not have enough info on this infection to give any positive advice, only that AFAIK, Calamity Jane's fix is the only one that works.
Post back when you have gone through the instructions again (in normal mode). Perhaps you will be able to run the scan in safe mode once you have done it in normal mode.
