
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
Logfile of HijackThis v1.99.1
Scan saved at 16:43:10, on 2005-09-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

I bought a new computer 2 days ago and I'm using Win XP Pro.
Yesterday I got this virus of some kind called pokapoka70.exe which starts popups like every minute. I tried adaware, spybot, web sweeper and some more programs and it removes it, but if I scan like 1-2 mins later, everything is there again. Anyone that can help me with this?

Here is my hijackthis log.

thanks

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\Program\LF Connection Keeper\LFConnectionKeeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program\LF Connection Keeper\LFConnectionKeeper.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitekad32.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127482113484
O18 - Protocol: bw+0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

·
Premium Member
Joined
·
8,700 Posts
Will move this to the "Hijack this help" forum where the experts can see it and help you
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello Jori,

Please print out or copy this page to Notepad since you will not have any browsers open while you are fixing this. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Again, you should not have any open browsers when you are following the procedures below.

Download LQfix.exe and place it on your desktop.
  • Double-click LQfix.exe and click install.
  • Leave the default settings. If you change them, the fix will fail.
  • Make sure 'Launch LQfix' is checked. After clicking finish in the install, the fix will start.
  • Follow the prompts on the screen.
  • Your system will reboot afterwards.
  • Please be patient after reboot, because there is a script running in the background.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe

Delete all of these O18 entries except the first one --leave that:
O18 - Protocol: bw+0 - {641BC2F2-89ED-4DC5-8CA7-A5E009B73A37} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


Do a search via Start>Search for the following file and delete if found:

xpjava.exe

Reboot into Normal Mode.

Perform an online scan using Internet Explorer with Panda ActiveScan - requires Internet Explorer

  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply along with a new HijackThis log.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
 