Kalvghj32.exe -- What the heck is this



#1
carrenr

    New Member

  • Member
  • 2 posts
HELP and double HELP

I can't get past the log on screen once I click and then the XP says it's setting my personal settings, then a message box appears saying I have x-number of minutes before rebooting (which it does automatically).
But...before it does, I caught something which said kalvghy32.exe

Can you help identify this, and how do I kill it before the PC reboots? I do have access to this PC (my boss's office), so I'll follow you step by step.

Thanks.
  • 0


#2
-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential. DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

Before running this you will need to boot the computer into safe mode since it doesn't seem you are even able to get into normal mode. To do this follow these instructions:

Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

After you boot into safe mode, then run Hijack This, save the log, and paste the contents back here.

-=jonnyrotten=-
  • 0

#3
carrenr

    New Member

  • Topic Starter
  • Member
  • 2 posts
Hi Johnny,
Logfile of HijackThis v1.99.0
Scan saved at 4:13:11 PM, on 1/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\system32\mskhhe.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9AF27826-DC3D-018A-B1E1-C5BC31D10FE7} - C:\WINDOWS\system32\ovphowzn.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [hyzil] c:\windows\hyzil.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Zglhlo.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Kfweug.exe
O4 - HKLM\..\Run: [sain] c:\windows\system32\sain.exe
O4 - HKLM\..\Run: [rabut] C:\WINDOWS\rabut.exe
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\system32\kalvghj32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB0D2171-579F-4F05-9BA4-7A53A6E5DB0F}: NameServer = 4.2.2.2,4.2.2.1
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mshfan.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\system32\msupd5.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Network Connections Sharing - Unknown - C:\WINDOWS\System32\wins\svchost.exe (file missing)

Hope this helps and I do really appreciate it!


Carren
  • 0

#4
-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
OK, reboot back into Safe Mode. Go to Control Panel, Add/Remove Programs and uninstall any or all of the following:

TV Media
Windows Adcontrol
Surf Side Kick
NewDotNet (new.net)
WebRebates
Ebates
MoeMoneyMaker
WhenU
180 Solutions
myway
mysearch
mywebsearch
viewpoint manager
viewpoint
wild tangent
weatherbug
gain
gator
gmt
wintools
any searchbar/toolbar besides google

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\system32\mskhhe.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: (no name) - {9AF27826-DC3D-018A-B1E1-C5BC31D10FE7} - C:\WINDOWS\system32\ovphowzn.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [hyzil] c:\windows\hyzil.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Zglhlo.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Kfweug.exe
O4 - HKLM\..\Run: [sain] c:\windows\system32\sain.exe
O4 - HKLM\..\Run: [rabut] C:\WINDOWS\rabut.exe
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\system32\kalvghj32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mshfan.dll
O23 - Service: Network Connections Sharing - Unknown - C:\WINDOWS\System32\wins\svchost.exe (file missing)

Be sure you're able to view hidden files. To view Hidden files, go to control panel, folder options, click the "View" tab, and scroll down the list and select the option "Show Hidden Files and Folders". Remove the following files in bold (if found):

C:\WINDOWS\system32\mskhhe.dll
C:\WINDOWS\EliteToolBar
C:\WINDOWS\system32\ovphowzn.dll
C:\WINDOWS\EliteSideBar
c:\windows\hyzil.exe
C:\Program Files\SurfSideKick 2
C:\WINDOWS\system32\Zglhlo.exe
C:\WINDOWS\system32\Kfweug.exe
c:\windows\system32\sain.exe
C:\WINDOWS\rabut.exe
C:\WINDOWS\system32\kalvghj32.exe

Copy and paste the quoted text below into a text editor such as Notepad.
Save this text as elitefix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
Double-click on elitefix.reg. When it asks you to merge the information to the registry click Yes.


REGEDIT4

[-HKEY_CURRENT_USER\Software\LQ]

[-HKEY_LOCAL_MACHINE\SOFTWARE\ohbbackup]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Elitum]


Now reboot into normal mode, rescan with Hijack This and post a new log.

-=jonnyrotten=-
  • 0
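
A rough triage pass over a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts. The parsing patterns and the four review heuristics are assumptions made for illustration; a hit means the entry deserves a closer look, not that it is malicious.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\system32\mskhhe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\system32\kalvghj32.exe
O4 - HKLM\..\Run: [rabut] C:\WINDOWS\rabut.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\system32\msupd5.exe
O23 - Service: Network Connections Sharing - Unknown - C:\WINDOWS\System32\wins\svchost.exe (file missing)
"""

LINE = re.compile(r"^(O\d+) - (.*)$")
# Per-section layouts, inferred from the log lines above (assumption).
PATTERNS = {
    "O2": re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$"),
    "O4": re.compile(r"^\S+: \[(?P<name>[^\]]+)\] (?P<path>.+)$"),
    "O23": re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"),
}

def in_windows_dir(path):
    return path.lower().startswith("c:\\windows\\")

def triage(log_text):
    """Return (section, name, reason) for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) not in PATTERNS:
            continue
        code, entry = m.group(1), PATTERNS[m.group(1)].match(m.group(2))
        if not entry:
            continue
        name, path = entry["name"], entry["path"]
        if path.endswith("(file missing)"):
            findings.append((code, name, "registered file is missing"))
        elif code == "O23" and entry["vendor"] == "Unknown":
            findings.append((code, name, "service with no vendor information"))
        elif code == "O2" and name == "(no name)" and in_windows_dir(path):
            findings.append((code, name, "unnamed BHO loaded from the Windows directory"))
        elif code == "O4" and in_windows_dir(path):
            findings.append((code, name, "autorun from the Windows directory"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
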