HJT Log Confuzed


3 replies to this topic

#1 Confuzed


Posted 01 September 2005 - 04:11 PM

Hi,

I have an odd process on my computer that won't show if I search for it. And it doesn't appear on the HJT log either.

It's called "pokapoka63.exe"

And I also have a problem with Yahoo Messenger... I can't get in cause a window pops up saying "YPager.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created"

But if I try to start the program again the same window appears. Any suggestions on what the problem might be?

I have a free edition of ClamWin Antivirus 0.86.1 on my computer now. I'm not really happy with it, can the program be a cause of my problems?

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 23:07:31, on 2005-09-01
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\loadqm.exe
C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe
C:\Program\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\System32\internat.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\ClamWin\bin\ClamTray.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\msdos.pif
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\WinRAR\WinRAR.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\Program\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 - HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ClamWin] "C:\Program\ClamWin\bin\ClamTray.exe" --logon
O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmesus.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{121ED4BB-B2E4-4182-A9E3-44F596975255}: NameServer = 195.67.199.24 195.67.199.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{121ED4BB-B2E4-4182-A9E3-44F596975255}: NameServer = 195.67.199.24 195.67.199.25
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

Thanks for your help,
Confuzed
I'm the baby, gotta love me!



#2 Confuzed


Posted 03 September 2005 - 06:12 AM

More recent HJT log

Logfile of HijackThis v1.99.1
Scan saved at 13:04:50, on 2005-09-03
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\loadqm.exe
C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe
C:\Program\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\System32\internat.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\ClamWin\bin\ClamTray.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\ms-dos.pif
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\Program\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKLM\..\RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ClamWin] "C:\Program\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU\..\RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmesus.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{121ED4BB-B2E4-4182-A9E3-44F596975255}: NameServer = 195.67.199.24 195.67.199.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{121ED4BB-B2E4-4182-A9E3-44F596975255}: NameServer = 195.67.199.24 195.67.199.25
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

Confuzed
I'm the baby, gotta love me!

#3 jahewi


    Anti-Malware Helper



Posted 03 September 2005 - 07:04 AM

Hi Confuzed,

Let's get rid of Pokapoka first:
1. Download LQFix (by Miekemoes) and put it on your desktop: http://users.pandora.be/bluepatchy/miekiem...tools/LQfix.exe
2. Double-click LQfix.exe and click Install.
3. Open the new folder on your desktop, named LQfix, and double-click ClickThis.bat
4. Your computer will reboot and LQFix will do its task, removing pokapoka, in the background. This may take some time, so please be patient.
5. After the computer has completed the reboot, post a new HijackThis-log.

As far as I can see, your computer is not equipped with a real AntiVirus :thumbsup:
You have installed ClamWin, which is a good virus scanner, but does not scan in real time.
I suggest you install a real AntiVirus.
One of the following free antivirus programs will give you the protection you need:
AVG, Avast or AntiVir
After you have installed one, please update it and do a complete scan in Safe Mode.


When you're done, please post a new HijackThis-log.


Good Luck, Jan :flowers:
... the best defence against malware is common sense ... ;)

#4 Confuzed


Posted 08 September 2005 - 11:55 AM

Hi,
did what you suggested but I'm still having trouble. Maybe this HJT log can give you a clue what it is.

Logfile of HijackThis v1.99.1
Scan saved at 18:44:46, on 2005-09-08
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\loadqm.exe
C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe
C:\Program\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\Isass.exe
C:\WINDOWS\exe81.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\aydtovub.exe
C:\WINDOWS\System32\internat.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\System32\update.pif
C:\WINDOWS\System32\ms-dos.pif

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtheworld4you.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchtheworld4you.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchtheworld4you.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtheworld4you.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\Program\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.03.0000.1005\sv\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [PMET] C:\WINDOWS\exe81.exe
O4 - HKLM\..\Run: [g$p$] C:\WINDOWS\exe81.exe
O4 - HKLM\..\Run: [lsass] c:\windows\system32\elitezke32.exe
O4 - HKLM\..\Run: [System Update Service] update.pif
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spoolax] C:\WINDOWS\System32\aydtovub.exe
O4 - HKLM\..\RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKLM\..\RunServices: [System Update Service] update.pif
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU\..\Run: [System Update Service] update.pif
O4 - HKCU\..\RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU\..\RunServices: [System Update Service] update.pif
O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmesus.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe


Confuzed
I'm the baby, gotta love me!
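
An added example, not part of any post in this thread: a Python triage sketch that compares two HijackThis logs and lists, for a human helper to review, entries that are new since the earlier log, autorun targets whose file name is one edit away from a core Windows process name, and autoruns that point at a .pif. The sample lines are excerpted from the 2005-09-03 and 2005-09-08 logs above; the `SYSTEM_NAMES` list and all function names are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Assumed short list of core Windows process names to compare autorun targets against.
SYSTEM_NAMES = ("csrss.exe", "lsass.exe", "smss.exe", "svchost.exe", "services.exe")
ENTRY = re.compile(r"^(?:R[0-3]|O\d{1,2}) - ")
RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[.+?\] (?P<cmd>.+)$")
IMAGE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|pif|com|bat|scr))(?:\s|$)', re.I)

# Lines excerpted from the 2005-09-03 and 2005-09-08 logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
"""
AFTER = r"""
O4 - HKLM\..\Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O15 - Trusted Zone: *.media-motor.net
"""

def entries(log):
    """Set of R*/O* entry lines in a HijackThis log (header and process list skipped)."""
    return {s for s in map(str.strip, log.splitlines()) if ENTRY.match(s)}

def image_name(command):
    """Lower-cased file name of the program an autorun command starts."""
    m = IMAGE.match(command)
    return PureWindowsPath((m.group(1) or m.group(2)) if m else command).name.lower()

def within_one_edit(a, b):
    """True if a != b and a single insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    a, b = sorted((a, b), key=len)  # a is now the shorter (or equal-length) string
    i = next((k for k in range(len(a)) if a[k] != b[k]), len(a))
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def triage(before, after):
    """(entry, reason) pairs from the newer log, for a human helper to review."""
    old, findings = entries(before), []
    for line in sorted(entries(after)):
        m = RUN.match(line)
        name = image_name(m.group("cmd")) if m else ""
        findings += [(line, f"name is one edit from {s}")
                     for s in SYSTEM_NAMES if within_one_edit(name, s)]
        if name.endswith(".pif"):
            findings.append((line, "autorun target is a .pif"))
        if line not in old:
            findings.append((line, "new since previous log"))
    return findings

if __name__ == "__main__":
    for line, reason in triage(BEFORE, AFTER):
        print(f"[{reason}] {line}")
```

A match is only a prompt to look closer: the edit-distance check compares names, not file contents or signatures.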



