Many Problems...



#1
Dragun

I've somewhat disabled the PokaPoka79 thing using Spybot's TeaTimer, but when I tried to disable WinSync, it wouldn't ever close. TeaTimer kept popping up a message saying that WinSync was denied in changing the registry. I'm still getting periodic pop-ups when I open IE. Little help is needed in trying to eradicate the problem, not to mention finding it.

Logfile of HijackThis v1.99.1
Scan saved at 12:41:55 PM, on 11/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Utopia\Angel\Angel.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\farrishj\My Documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yaokyc.exe reg_run
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1130614217281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130614701765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cloverleaf.us
O17 - HKLM\Software\..\Telephony: DomainName = cloverleaf.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cloverleaf.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cloverleaf.us
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\Program Files\System Files\plugin.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

#2
Dragun

I've tried to delete it from the registry, but as you can see:

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\yaokyc.exe reg_run

...it's still there. How can I totally remove it?

Here's the PokaPoka79 thing in my Spybot report:

10/28/2005 2:56:59 PM Denied value "System service79" (new data: "C:\WINDOWS\\\etb\\pokapoka79.exe") added in System Startup global entry!

The end of the Spybot report:

10/28/2005 9:58:16 PM Allowed value "winsync" (new data: "") deleted in System Startup global entry!
10/28/2005 10:02:14 PM Allowed value "System service79" (new data: "C:\WINDOWS\\\etb\\pokapoka79.exe") changed in System Startup global entry!
10/28/2005 10:02:18 PM Allowed value "System service79" (new data: "C:\WINDOWS\etb\pokapoka79.exe") changed in System Startup global entry!
10/28/2005 10:02:58 PM Allowed value "winsync" (new data: "C:\WINDOWS\System32\kpddks.exe reg_run") added in System Startup global entry!
10/29/2005 6:34:57 PM Allowed value "winsync" (new data: "") deleted in System Startup global entry!
10/29/2005 11:32:11 PM Allowed value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\qttask.exe" -atboottime") added in System Startup global entry!
10/29/2005 11:37:14 PM Allowed value "winsync" (new data: "C:\WINDOWS\System32\kpddks.exe reg_run") added in System Startup global entry!
10/30/2005 5:59:54 PM Allowed value "winsync" (new data: "") deleted in System Startup global entry!
10/30/2005 7:13:47 PM Denied value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
10/30/2005 8:43:57 PM Allowed value "winsync" (new data: "C:\WINDOWS\System32\kpddks.exe reg_run") added in System Startup global entry!
10/30/2005 10:13:16 PM Allowed value "winsync" (new data: "") deleted in System Startup global entry!
10/31/2005 4:29:39 AM Allowed value "winsync" (new data: "") deleted in System Startup global entry!
10/31/2005 8:17:14 AM Allowed value "winsync" (new data: "C:\WINDOWS\System32\kpddks.exe reg_run") added in System Startup global entry!
11/3/2005 7:43:11 AM Allowed value "winsync" (new data: "") deleted in System Startup global entry!
11/3/2005 1:19:30 PM Allowed value "winsync" (new data: "C:\WINDOWS\System32\kpddks.exe reg_run") added in System Startup global entry!
11/3/2005 5:38:18 PM Allowed value "winsync" (new data: "") deleted in System Startup global entry!
11/4/2005 7:35:21 AM Allowed value "winsync" (new data: "C:\WINDOWS\System32\kpddks.exe reg_run") added in System Startup global entry!
11/4/2005 10:19:24 AM Allowed value "winsync" (new data: "") deleted in System Startup global entry!
11/4/2005 10:26:07 AM Allowed value "winsync" (new data: "C:\WINDOWS\System32\kpddks.exe reg_run") added in System Startup global entry!
11/4/2005 1:00:07 PM Allowed value "winsync" (new data: "") deleted in System Startup global entry!

Web Nexus is the problem child.

Edited by Dragun, 05 November 2005 - 04:12 PM.
