Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

popup situation/poka poka?

Started by Moonshade , Sep 04 2005 02:45 AM

  • Please log in to reply

#1
Moonshade
Posted 04 September 2005 - 02:45 AM

Moonshade

    New Member

  • Member
  • Pip
  • 3 posts
im getting a few amount of popups but also this weird application error thing every minute when i have my comp on. Its some pokapoke65.exe? and theres like other 60 somethings. i tried to go on safe mode, didnt let me log on for some reason.

anyways, heres the log: and thanks for looking at this for me

Logfile of HijackThis v1.99.1
Scan saved at 1:42:04 AM, on 9/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alienware Themes\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Calvin Cheng\Local Settings\Temp\HijackThis.exe
C:\WINDOWS\etb\pokapoka65.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteizx32.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\WINDOWS\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [MediaXPServicePack2] msncx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116304501562
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...489/mcfscan.cab
O20 - Winlogon Notify: WB - C:\Program Files\Alienware Themes\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
  • 0

Advertisements

#2
Wizard
Posted 04 September 2005 - 04:10 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi Moonshade and Welcome to GeekstoGo!

Download LQfix.exe and place it on your desktop.

Doubleclick LQfix.exe and click install.

This will create a new folder called LQfix on your desktop.

Open the folder and doubleclick ClickThis.bat

Follow the prompts on the screen.

Your system will reboot afterwards.

Please be patient after reboot, because there is a script running in the background.


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!


Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download CleanUp
Install the program, dont run it yet, we will later.


Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, start tapping press F8 key.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp

Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report.txt file to your desktop or a location where you can find it easily.

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from WinPFind-> Ewido and Panda!
  • 0

#3
Moonshade
Posted 04 September 2005 - 12:25 PM

Moonshade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
My system cant run safemode for some reason.. it still automatically restarts when it loads itself on the login screen..
The winpfind gives a file not found in the middle of the scan and stops working.
Cleanup is unable to cleanup the entire folder, even after restart, and I cant start in safe mode.

Heres my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 10:35:10 AM, on 9/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alienware Themes\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Calvin Cheng\Local Settings\Temp\HijackThis.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\WINDOWS\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe
O4 - HKCU\..\RunServices: [MediaXPServicePack2] msncx.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116304501562
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...489/mcfscan.cab
O20 - Winlogon Notify: WB - C:\Program Files\Alienware Themes\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

And heres my Ewido scan:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:20:05 AM, 9/4/2005
+ Report-Checksum: 5F528732

+ Scan result:

HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl\Clsid -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Calvin Cheng\Application Data\Mozilla\Firefox\Profiles\uox3pa01.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\My Shared Folder\(DAP).Download.Accelerator.Plus.v7.4.0.1.Cracked.WORKING-SG\DAP.exe -> Spyware.Dap : Cleaned with backup
C:\My Shared Folder\(DAP).Download.Accelerator.Plus.v7.4.0.1.Cracked.WORKING-SG..rar/DAP.exe -> Spyware.Dap : Cleaned with backup
C:\Program Files\DAP\DAP.exe -> Spyware.Dap : Cleaned with backup
C:\WINDOWS\dreese.exe -> Spyware.EliteBar : Cleaned with backup


::Report End

And finally my Panda scan:


Incident Status Location

Spyware:spyware/media-motor No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\mm81.ocx
Adware:adware/lop No disinfected \C2Media
Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\CALVIN CHENG\FAVORITES\Casino & Carrers
Adware:adware/hotoffers No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\License inside global dvd\road list.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Calvin Cheng\Application Data\Stylemess\gjwvfktq.exe
Virus:W32/Gaobot.DTS.worm Disinfected C:\WINDOWS\system32\TFTP6120
  • 0

#4
Wizard
Posted 05 September 2005 - 05:02 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hmmm,lets give this a try!

Go to Add\Remove Programs and Remove any of these that exist

Download Accelerator Plus
Browser Enhancer
Browser Enhancer
Ultimate Browser Enhancer
Ultimate Browser Enhancer
L.O P. Uninsta11
L O.P. Uninstal1
Live 0nline Portal
Live.0nline Porta1

Click Start-> Run-> Type in Services.msc and Click OK!

Scroll that list and locate this entry

Required Service Drivers

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!

Click Apply-> OK and Exit the Services Page!


Download Pocket KillBox from here:
http://www.atribune....llBox_beta_.exe

Highlight the list below and press Ctrl+C to Copy!

C:\Windows\micront.exe
C:\Windows\wini.exe
C:\WINDOWS\dreese.exe
C:\Windows\msncx.exe
C:\Windows\System32\micront.exe
C:\Windows\System32\wini.exe
C:\Windows\System32\msncx.exe
C:\WINDOWS\system32\TFTP6120
C:\WINDOWS\DOWNLOADED PROGRAM FILES\mm81.ocx
C:\DOCUMENTS AND SETTINGS\CALVIN CHENG\FAVORITES\Casino & Carrers
C:\Documents and Settings\All Users\Application Data\License inside global dvd
C:\Documents and Settings\Calvin Cheng\Application Data\Stylemess
C:\Program Files\DAP

Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Click Yes to the Prompts that follow and let Killbox Reboot the PC!


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe

O4 - HKCU\..\RunServices: [MediaXPServicePack2] msncx.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!


Click Start-> Run-> Copy&Paste the bold text below into the Open Box and Click OK!

sc stop Required Service Drivers
and
sc delete Required Service Drivers

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!


Restart Normal and Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Post back with a fresh HijackThis log and the report from Kaspersky!

Edited by Cretemonster, 05 September 2005 - 05:04 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP