
Pokki folder?



#1 Tnbrat94


Posted 12 January 2017 - 08:04 AM

While I am getting help here for my laptop, I thought I would scan my desktop with AdwCleaner to see if there was anything. I try and make it a habit to use Malwarebytes every month on both. When the AdwCleaner was done, it stated that it found a public folder on my pc named "Pokki". I've googled it and some say it should be removed and some say that it's not dangerous. I did click to clean it along with some registries that it found. I haven't noticed any problems before the scan, so I'm not sure what it was. Is it a virus that I need to pop over on the other thread and get help solving? I searched the "Remove Programs" and did not see anything with the name pokki on it. And I've done searches on my pc for the name as well, and it seems to be gone. Any ideas??

 

I am using Windows 10, Firefox 50.1

I scanned with AdwCleaner, Malwarebytes, Windows Defender, and Rkill (just to be on the safe side). Logs are listed below.

 

Thank you for any help. It's pretty screwed up that these are happening. We don't use our pcs to wander off into the deep web. It's basically YouTube, Google, and Facebook. The kids play games like from Nickelodeon and such. But that's it.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/12/2017
Scan Time: 6:39 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.01.12.06
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Mystic Pagan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294805
Time Elapsed: 18 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


# AdwCleaner v6.042 - Logfile created 12/01/2017 at 06:26:59
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-11.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Mystic Pagan - DESKTOP-GLV3U1T
# Running from : C:\Users\Mystic Pagan\Downloads\adwcleaner_6.042.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Public\Pokki


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2359 Bytes] - [07/07/2016 07:25:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [1853 Bytes] - [12/01/2017 06:26:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [2180 Bytes] - [06/07/2016 15:19:06]
C:\AdwCleaner\AdwCleaner[S2].txt - [2253 Bytes] - [07/07/2016 07:22:33]
C:\AdwCleaner\AdwCleaner[S3].txt - [2264 Bytes] - [12/01/2017 06:22:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2145 Bytes] ##########
 


Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/12/2017 06:34:36 AM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * agp440 [Missing ImagePath]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/12/2017 06:37:02 AM
Execution time: 0 hours(s), 2 minute(s), and 26 seconds(s)
 




 


#2 Tnbrat94


Posted 12 January 2017 - 09:11 AM

Just to update: I just scanned using the TFC.



#3 aworrier


Posted 12 January 2017 - 08:24 PM

I've got the same hit on my PC. By chance, is this an Acer computer? Pokki seems to be some start menu creating program which Acer comes with preinstalled in Windows 8. In my Windows 10 PC, AdwCleaner just alerted me to the folder. Inside is something called identifier which appeared and has not been modified since the first time the computer was turned on.



#4 Tnbrat94


Posted 12 January 2017 - 10:55 PM

I've got the same hit on my PC. By chance, is this an Acer computer? Pokki seems to be some start menu creating program which Acer comes with preinstalled in Windows 8. In my Windows 10 PC, AdwCleaner just alerted me to the folder. Inside is something called identifier which appeared and has not been modified since the first time the computer was turned on.

 

Yes it is. When I got the computer last year it had Windows 8 on it. But we upgraded to 10 when it was free. I didn't look in the folder or anything. As soon as AdwCleaner alerted it, I went searching on Google about it. Which is pretty confusing because some are calling it a virus while others are just stating that it's a part of Windows.



#5 aworrier


Posted 12 January 2017 - 10:58 PM

 

I've got the same hit on my PC. By chance, is this an Acer computer? Pokki seems to be some start menu creating program which Acer comes with preinstalled in Windows 8. In my Windows 10 PC, AdwCleaner just alerted me to the folder. Inside is something called identifier which appeared and has not been modified since the first time the computer was turned on.

 

Yes it is. When I got the computer last year it had Windows 8 on it. But we upgraded to 10 when it was free. I didn't look in the folder or anything. As soon as AdwCleaner alerted it, I went searching on Google about it. Which is pretty confusing because some are calling it a virus while others are just stating that it's a part of Windows.

 

Someone could perhaps elaborate on this but I've run the folder and its single content through different scanners and it comes up clean. I know in Windows 8 it provided an added start menu functionality. In Windows 10 it is now useless and the file does not even seem to have a type. I just deleted this folder myself but I think we are safe. Pokki is a legitimate company partnered with Acer from what I've read.


Edited by aworrier, 12 January 2017 - 10:58 PM.




