Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Poker search hijack[RESOLVED]


  • This topic is locked This topic is locked

#1
Maetrix

Maetrix

    New Member

  • Member
  • Pip
  • 2 posts
Not sure if anyone else has seen this. This just started happening tonight. I went through AdAware and Spybot and came up with nothing. I also tried to find anything in the "Remove Programs" list in Windows and couldn't find anything. I keep my log pretty skimpy and hijackthis didn't find anything unusual.

What happens is that anytime I put the work "poker" into my web search it will redirect me to www.pokerroom.com. It happens in google, askjeves, and ebgames.com search option. I am trying to get rid of it but haven't had any luck so far. Any ideas?

Logfile of HijackThis v1.99.0
Scan saved at 10:48:00 PM, on 1/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cory\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Any help would be appreciated. Thanks!
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Welcome to Geeks to Go Maetrix. I would like to investigate this hijack further, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
Maetrix

Maetrix

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks for the update. I did as you wanted me to do and here's the new log file. I appreciate any help anyone can offer. I'll keep trying from this end as well.

Logfile of HijackThis v1.99.0
Scan saved at 11:28:10 PM, on 1/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\msupd5.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Cory\Desktop\HijackThis.exe

O2 - BHO: (no name) - {19B7E463-B9E0-52CE-9640-4BB14B2061C4} - C:\WINDOWS\System32\fakecmbc.dll
O2 - BHO: (no name) - {E8ECBB2A-3B71-6482-D4F6-B481648CD361} - C:\WINDOWS\System32\guyzfmlr.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\msupd5.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O2 - BHO: (no name) - {19B7E463-B9E0-52CE-9640-4BB14B2061C4} - C:\WINDOWS\System32\fakecmbc.dll
O2 - BHO: (no name) - {E8ECBB2A-3B71-6482-D4F6-B481648CD361} - C:\WINDOWS\System32\guyzfmlr.dll
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\msupd5.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINDOWS\System32\fakecmbc.dll
C:\WINDOWS\System32\guyzfmlr.dll
C:\WINDOWS\System32\msupd5.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :tazz:
  • 0

#5
Guest_thatman_*

Guest_thatman_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP