
pokapoka79.exe removal?



#1
DaWolf879

Here are the HijackThis and ewido log files.




Logfile of HijackThis v1.99.1
Scan saved at 10:49:51 AM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155971791875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155971770453
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:38:44 AM 8/20/2006

+ Scan result:



C:\Program Files\Aprps -> Adware.Apropos : No action taken.
C:\Program Files\Aprps\AI_23-10-2005.log -> Adware.Apropos : No action taken.
C:\Program Files\Aprps\AI_27-10-2005.log -> Adware.Apropos : No action taken.
C:\Program Files\NaviSearch -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\Uninstall.exe -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\bin -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1116176035.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1119478427.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1119826516.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1124859795.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1127514511.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1127841922.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1128127455.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1128460619.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1128461248.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1128984146.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1128990955.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1129154005.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1130713471.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1130900127.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1131314133.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1132858566.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1133221010.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1133392671.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1136230464.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\t1137251041.dec -> Adware.BargainBuddy : No action taken.
C:\Program Files\NaviSearch\ub.dat -> Adware.BargainBuddy : No action taken.
C:\Program Files\Web Offer -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\INSTALL.LOG -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\UNWISE.EXE -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\basisp.dst -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\basisp.kwd -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\basisp.pu -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\basisp.rst -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\gendis.ez -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\paramp.ez -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\rwdsp.rst -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\upgradep.vrn -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\versionp.vrn -> Adware.eZula : No action taken.
C:\Program Files\Web Offer\wndbannnp.src -> Adware.eZula : No action taken.
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : No action taken.
C:\Program Files\Internet Optimizer\update -> Adware.InternetOptimizer : No action taken.
C:\Program Files\ISTbar -> Adware.ISTBar : No action taken.
C:\Program Files\ISTbar\imagemap_normal.bmp -> Adware.ISTBar : No action taken.
C:\Program Files\ISTbar\version.txt -> Adware.ISTBar : No action taken.
C:\Program Files\ISTsvc -> Adware.ISTBar : No action taken.
C:\Program Files\Media Access -> Adware.MediaAccess : No action taken.
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : No action taken.
C:\Documents and Settings\Default User\Start Menu\Programs\Power Scan -> Adware.PowerScan : No action taken.
C:\Documents and Settings\Nicki\Start Menu\Programs\Power Scan -> Adware.PowerScan : No action taken.
C:\Documents and Settings\Owner\Start Menu\Programs\Power Scan -> Adware.PowerScan : No action taken.
C:\Program Files\Power Scan -> Adware.PowerScan : No action taken.
C:\Program Files\MaxSpeed -> Adware.SideFind : No action taken.
C:\Program Files\SEP -> Adware.SideFind : No action taken.
C:\Program Files\SideFind -> Adware.SideFind : No action taken.
C:\Program Files\SideFind\sfexd001 -> Adware.SideFind : No action taken.
C:\Program Files\SideFind\update -> Adware.SideFind : No action taken.
C:\WINDOWS\Temp\addit.exe -> Adware.WinFetcher : No action taken.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.33:C:\Documents and Settings\Nicki\Application Data\Mozilla\Firefox\Profiles\jd4p6f6a.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sg13i7ru.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Default User\Local Settings\Temp\131556_2964_2664_3988_79.41.tst -> Trojan.EliteBar.h : No action taken.
C:\Documents and Settings\Nicki\Local Settings\Temp\131556_2964_2664_3988_79.41.tst -> Trojan.EliteBar.h : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\131556_2964_2664_3988_79.41.tst -> Trojan.EliteBar.h : No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\131556_2964_2664_3988_79.41.tst -> Trojan.EliteBar.h : No action taken.
C:\x.bat -> Trojan.Zapchast : No action taken.


::Report end


#2
DaWolf879

I also found this virus as well with ewido: Trojan.Zapchast, located at C:\x.bat


I just bought the computer from my neighbor for $200 US. It has an Athlon XP 2.2, 512 megs of RAM, an 80 GB HD, a DVD writer and speakers. I thought it was a good deal, but it had a ton of viruses and malware on it. I used McAfee suite to get rid of most of them, but these last few are tough. Any help would be great.

Edited by DaWolf879, 19 August 2006 - 04:21 PM.


#3
DaWolf879

Are there any moderators out there who can help me with my problem?