PC acting wierd. had pokapoka file. Log included

Expand Post »

Hello

My girlfriends computer is really acting wierd. If it connects to the wireless internet, it terminates all computers connection within 1 minute. Support tells me to upgrade to XP SP2, but it cannot upgrade to XP servicepack2 (autorun file tries to start, but stops and I get the standard windows error-popup).

Also she had the Yupsearch searchbar in her IE.

Can someone please take some time and look over the log? I have no clue what to look for.

We did something bad though (I think), we follow the instruction another user got here and got HJT to remove pokapoka62.exe file, and deleted the ETB folder in c:\windows.

I really appreciate if you do this, otherwise the only thing I know how to do is to format the entire thing and start all over

Logfile of HijackThis v1.99.1
Scan saved at 19:22:10, on 05.01.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Martine\Skrivebord\hijackthis.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.queenofwands.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nor.chello.no/ssi/welcom...e.php?url=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0...chPageHome.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fra chello broadband n.v.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O1 - Hosts: 69.50.190.26 www.halifax-online.co.uk
O1 - Hosts: 69.50.190.26 ibank.barclays.co.uk
O1 - Hosts: 69.50.190.26 online.lloydstsb.co.uk
O1 - Hosts: 69.50.190.26 online-business.lloydstsb.co.uk
O1 - Hosts: 69.50.190.26 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 69.50.190.26 www.nwolb.com
O1 - Hosts: 69.50.190.26 banesnet.banesto.es
O1 - Hosts: 69.50.190.26 extranet.banesto.es
O1 - Hosts: 69.50.190.26 ebanking.bccbrescia.it
O1 - Hosts: 69.50.190.26 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 69.50.190.26 www.rbsdigital.com
O1 - Hosts: 69.50.190.26 oi.cajamadrid.es
O1 - Hosts: 69.50.190.26 bancae.caixapenedes.com
O1 - Hosts: 69.50.190.26 banking.postbank.de
O1 - Hosts: 69.50.190.26 meine.deutsche-bank.de
O1 - Hosts: 69.50.190.26 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 69.50.190.26 ibank.cahoot.com
O1 - Hosts: 69.50.190.26 webbank.openplan.co.uk
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [tgcmd] "C:\Programfiler\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [tgcmdStartup] wscript "C:\PROGRA~1\Support.com\PROVID~1\actions\RUNATS~1.VBS"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Microsoft IIS] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Programfiler\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - http://quickfix2.chello.no/Quickfix2...lloInstall.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136476828964
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.no/quickfix2/asp/LaunchApp.CAB
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Similar Threads

Missing bridge.dll file (HJ log included) in Viruses, Spyware and other Nasties
HighJackThis File Log, Help Needed in Viruses, Spyware and other Nasties
Open Image Files :: Autoclose :: HijackThis Log Included in Viruses, Spyware and other Nasties
Spyware Virus - Hijack Log Included in Viruses, Spyware and other Nasties
Hijacked Internet Explorer--log included in Viruses, Spyware and other Nasties

mcmoe

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

1 posts
since Jan 2006

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: another poor soul spyaxe has got

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Explorer with high comsuption

DaniWeb Message

Cancel Changes

User Name
Password