hijackthis log

  boo_hiss_boo 22:41 27 Nov 04
Locked

part 1 - hijackthis log
Logfile of HijackThis v1.98.2
Scan saved at 21:45:23, on 27/11/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\Mum\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

  boo_hiss_boo 22:43 27 Nov 04

part 2 - hijackthis log
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = click here

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {A5AE3E08-4175-630D-28E8-23832638C4E9} - C:\DOCUME~1\Hayley\APPLIC~1\OKAYAX~1\hole copy.exe

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [WinPatrol PLUS] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=click here

O16 - DPF: Yahoo! Gin - click here

O16 - DPF: Yahoo! Graffiti - click here

O16 - DPF: Yahoo! MahJong - click here

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - click here

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - click here

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - click here

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - click here

  boo_hiss_boo 22:44 27 Nov 04

I hope this is ok. I did post it into the original thread but I remember reading once that these should be a new thread called hijack this log. Hope that's right

Thanks
Boo

  VoG II 22:48 27 Nov 04

Link to old thread click here

  boo_hiss_boo 22:58 27 Nov 04

Vog

do you want me to close the old thread.... sorry, I got a bit confused... :o)

Boo

  VoG II 23:02 27 Nov 04

Nope. Wait for Nellie2.

  boo_hiss_boo 23:06 27 Nov 04

OK thanks

  Nellie2 23:06 27 Nov 04

Ummm shall I post in this one or the other one? :/

  Nellie2 23:16 27 Nov 04

I'll post here!

You are running hijackthis directly from the zip file, could you extract it into its own folder and run it from there.. that way backups will be saved inside the hijackthis folder.

When you have done that, run hijackthis again and make sure all browsers and windows are closed and put a tick against the following and click 'fix checked'

O2 - BHO: (no name) - {A5AE3E08-4175-630D-28E8-23832638C4E9} - C:\DOCUME~1\Hayley\APPLIC~1\OKAYAX~1\hole copy.exe

Then search for a folder in

C:\DOCUMENTS AND SETTINGS\Hayley\APPLICATION DATA\OKAYAX~1\ <--- this is the folder but I can only see the first six letters of the name which are OKAYAX.. inside the folder will be the 'hole copy.exe' Delete the folder with the exe inside and then reboot and that should do it.

  boo_hiss_boo 00:14 28 Nov 04

Nellie

thanks, that's great. Just one question if you don't mind.

When I was deleting the folder OKAYAXIS, I saw another folder which looks mildly suspicious. It is called 'stupid manager 4' and contains 3 exe files called

bib beep else acid
proxymess coal
xkxosiag

Can you tell from the above if this is something I should delete? I don't seem to have anything else going wrong with the PC, but it just seemed a little suspicious.

Thanks
Boo

  Nellie2 00:33 28 Nov 04

I'm glad you said that because I was expecting to see an O4 entry as well as the O2.. but it wasn't there. For some reason the start up had been disabled and wasn't running.. but you have found it. Yes, delete that folder. :)
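
The triage done by eye in this thread, written out as an added example (not part of the original posts and not HijackThis's own logic): it parses O2 and O4 lines and flags a BHO whose registered file is missing or is not a DLL/OCX, and any entry that loads from a per-user writable folder. The heuristics, the function name `triage` and the `CONSTRUCTED_O4` line are assumptions made for illustration.

```python
import re

# O2 (Browser Helper Object) and O4 (autostart) lines copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A5AE3E08-4175-630D-28E8-23832638C4E9} - C:\DOCUME~1\Hayley\APPLIC~1\OKAYAX~1\hole copy.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
"""
# Constructed line (not from the log): the kind of O4 entry Nellie2 expected to see.
CONSTRUCTED_O4 = r"O4 - HKCU\..\Run: [example] C:\DOCUME~1\Hayley\APPLIC~1\EXAMPL~1\example.exe"

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# Per-user writable locations in long and 8.3 short form (assumed heuristic).
USER_DIR_RE = re.compile(r"\\(documents and settings|docume~\d)\\[^\\]+\\"
                         r"(application data|applic~\d|local settings|locals~\d)\\", re.I)

def triage(log_text):
    """Return (section, identifier, target, reasons) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue  # other sections (R0, O16, ...) are out of scope here
        target, reasons = m["target"], []
        is_bho = line.startswith("O2")
        if is_bho and target == "(no file)":
            reasons.append("registered file missing")
        elif is_bho and not target.lower().endswith((".dll", ".ocx")):
            # BHOs are in-process COM servers, so an .exe target is anomalous.
            reasons.append("BHO target is not a DLL/OCX")
        if USER_DIR_RE.search(target):
            reasons.append("loads from a per-user writable folder")
        if reasons:
            ident = m["clsid"] if is_bho else m["name"]
            findings.append((line[:2], ident, target, reasons))
    return findings

if __name__ == "__main__":
    for section, ident, target, reasons in triage(SAMPLE_LOG + CONSTRUCTED_O4):
        print(f"{section} {ident} -> {target}: {'; '.join(reasons)}")
```
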

This thread is now locked and can not be replied to.
