| Re: Search Results for poker online

Thank you craperjack and crunchie for assisting miepmiep, so that I could find help for such a similar problem. I am having a problem with the pop-up of poker too, exactly the same: Search for Poker Online. I have initially messed around with my regedit file to try to remove it. I got no idea how to get rid of it. I used Lavasoft Personal SE, adware remover. However, the problem still persists.

Logfile of HijackThis v1.98.2
Scan saved at 9:49:17 AM, on 4/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\Download\ad-aware\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvdme32.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [E981F653] C:\WINDOWS\system32\ctLinra.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [FDBF3A4E] C:\WINDOWS\system32\dsntcer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [kbdsw] C:\WINDOWS\System32\kbdsw.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [FDBF3A4E] C:\WINDOWS\system32\dsntcer.exe
O4 - HKCU\..\Run: [E981F653] C:\WINDOWS\system32\ctLinra.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PD - {B87C54D9-69CC-4DF6-847C-2C7CABC992E5} - C:\Program Files\Popup Defender\pd.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: DigiChat Applet - http://host4.digichat.com/DigiChat/D.../Client_IE.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.nuker.com/products/swn200...rInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102059788113

Hope to get some help. |
| ||
| Re: "poker online" problem (HijackThis log included)

OK, here we go...

1. SpyKiller, BestPopUpKiller, and SpyHunter all fall into the category of "dubious" programs, in that they are unreliable and at the very least return "false positive" findings as a way of enticing users to buy the commercial versions of the programs. You should uninstall them and use the trusted, recommended (and free) alternatives instead. For more information on bogus vs. legit "spyware" utilities, please visit this site: http://www.spywarewarrior.com/rogue_anti-spyware.htm
Links to some of the reputable programs (of which Lavasoft's Ad Aware is one) can be found in my sig below.

2. " C:\Program Files\Internet Explorer\IEXPLORE.EXE"
That entry in your HJT log indicates that you had at least one instance of Internet Explorer running when you ran HijackThis. HJT cannot fully perform its fixes unless all instances of your web browsers are closed. Please make sure that is the case before proceeding.

* -> Before doing the following, you should probably disable XP's System Restore function. Instructions for doing so (and an explanation of why you should) can be found here.

3. Once you have closed all instances of all web browsers, have HijackThis fix:
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvdme32.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [E981F653] C:\WINDOWS\system32\ctLinra.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [FDBF3A4E] C:\WINDOWS\system32\dsntcer.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKCU\..\Run: [kbdsw] C:\WINDOWS\System32\kbdsw.exe
O4 - HKCU\..\Run: [FDBF3A4E] C:\WINDOWS\system32\dsntcer.exe
O4 - HKCU\..\Run: [E981F653] C:\WINDOWS\system32\ctLinra.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: DigiChat Applet - http://host4.digichat.com/DigiChat/...s/Client_IE.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.nuker.com/products/swn20...erInstaller.exe

4. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".
- Locate and delete the following files:
C:\windows\system32\kalvdme32.exe
C:\WINDOWS\system32\ctLinra.exe
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\dsntcer.exe
C:\WINDOWS\System32\kbdsw.exe
C:\WINDOWS\system32\dsntcer.exe
C:\WINDOWS\system32\ctLinra.exe
- Locate and delete the following folders entirely:
C:\Program Files\Enigma Software Group
C:\Program Files\Windows TaskAd
C:\Program Files\Common Files\tsa
C:\Program Files\SpyKiller
C:\Program Files\BestPopUpKiller
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:
1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5
- Delete the entire content of your C:\Windows\Temp folder.
Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.
- Empty your Recycle Bin.
- Reboot normally.

5. Post a fresh/new HijackThis log. |
| ||
| Re: "poker online" problem (HijackThis log included) Thank you DMR for helping me with the "search for online poker" pop-up that goes up every 1 minute. At this moment, I am not experiencing any such pop-up. Thanks for helping me keep my computer clean from pop-ups. Excellent help and precise step-by-step guide. |
| ||
| Re: "poker online" problem (HijackThis log included) Glad we could help! :) To lessen your chances of reinfection, you should probably download and install SpywareBlaster and SpywareGuard as a measure of protection. I'd also suggest that you use SpyBot Search & Destroy in conjunction with Ad Aware. SpyBot is very similar in function to Ad Aware, but will sometimes catch things that Ad Aware misses; using the two programs together is a Good Idea. Download links for a three of the above utilities are in my sig file below. |
| ||
| Re: "poker online" problem (HijackThis log included)

ACK! It's back again. By the way, the last time I deleted some of the files, some could not be found even when I set hidden files and protected files to be shown. Here is the new HijackThis log; hope to find further help. It's back again. I have not done any surfing but only checked e-mail. I had not used the computer a few days back either, so I didn't really get to fully test it out for a whole day.

Logfile of HijackThis v1.98.2
Scan saved at 4:41:25 AM, on 8/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Download\ad-aware\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvxxv32.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102059788113 |
| ||
| Re: "poker online" problem (HijackThis log included)

Crud- I missed one in my earlier post...

1. Have HJT fix the following:
" O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe"

2. Although the actual filename has morphed slightly (in your last log it was named "kalvdme32.exe"), this gremlin is still present:
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvxxv32.exe

** Note: That file may change its name slightly again, but this particular infection has a pattern: the filename will always be kalvxyz32.exe, where xyz are the only letters of the name which change.

Have HJT fix that entry, reboot into Safe Mode, delete wuclient.exe and kalv(whatever)32.dll, and empty your trash. |
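
The follow-up check in this exchange, as an added example that is not part of the original posts: it parses the O4 autorun lines of two HijackThis logs and reports entries marked for fixing that are still present or that returned under the same registry value name with a different file, plus any new target matching the kalvxyz32 naming pattern. The function names are illustrative, and the sample input is assembled from log lines quoted in the thread.

```python
import re

# HijackThis O4 registry autorun line, e.g.
#   O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvdme32.exe
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Naming pattern reported in the thread: "kalv" + three changing letters + "32".
# The thread mentions both .exe and .dll, so either extension is accepted.
KALV_RE = re.compile(r"\\kalv[a-z]{3}32\.(?:exe|dll)\b", re.IGNORECASE)


def parse_o4(log_text):
    """Map (hive, key, value name) -> command for each O4 registry entry."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key, name.strip())] = command.strip()
    return entries


def verify_fix(fixed_text, followup_text):
    """Check a follow-up scan against the entries that were marked for fixing."""
    fixed, current = parse_o4(fixed_text), parse_o4(followup_text)
    findings = []
    for ident, command in sorted(current.items()):
        if ident in fixed:
            # Same hive/key/value name as a fixed entry: unchanged or renamed file?
            same = fixed[ident].lower() == command.lower()
            status = "still-present" if same else "morphed"
            findings.append((status, ident[0], ident[2], command))
        elif KALV_RE.search(command):
            findings.append(("kalv-pattern", ident[0], ident[2], command))
    return findings


# Sample input assembled from log lines quoted in this thread.
FIXED = r"""
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvdme32.exe
O4 - HKLM\..\Run: [E981F653] C:\WINDOWS\system32\ctLinra.exe
O4 - HKCU\..\Run: [kbdsw] C:\WINDOWS\System32\kbdsw.exe
"""
FOLLOWUP = r"""
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvxxv32.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"""

if __name__ == "__main__":
    for finding in verify_fix(FIXED, FOLLOWUP):
        print(*finding, sep=" | ")
```

Keying on the registry value name rather than the file name is what catches the renamed file: the `[kalvsys]` value is the same in both logs while its target differs.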
| ||
| Re: "poker online" problem (HijackThis log included) Can't thank you enough, I have now learnt more about removing the "gremlin" ;) Cheers! |
| ||
| Re: "poker online" problem (HijackThis log included) Again- you're welcome. Now let's hope it worked... The kalvxyz32.dll bit seems like it might be related to the EliteToolbar pest that's making the rounds, but there isn't really a heck of a lot of definitive info available on the beast; I was only able to confirm the (pseudo-random) pattern of the filename change yesterday or the day before. Let us know if it crops up again please. |
| ||
| Re: "poker online" problem (HijackThis log included) It's been a while, and I would like to let you know that the comp I was using no longer experiences the pop-up problem. Thanks again. |
| ||
| Re: "poker online" problem (HijackThis log included) Thanks for the follow-up; glad we could help. :) |