Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijackthis Log [CLOSED]


  • This topic is locked This topic is locked

#1
habari42

habari42

    New Member

  • Member
  • Pip
  • 8 posts
Hi. My Highjackthis log shows the an 017 item which is a Dialer Highjack/aoldsl.net. I always fix it but it always returns. I have tried adding the URL to my Spyblocker blocked list but it continues to turn up. May I have your advise please.? Cheers, Alpha. :tazz:
  • 0

Advertisements


#2
habari42

habari42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi. Further to my previous posting of 9 June, I have just done a WhoIs on aoldsl.net which links it to America Online !! This seems very odd to me for an 017 Domain Highjack item. !! Or is it.? Can someone explain,please? Cheers, Haba. :tazz:
  • 0

#3
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi Habiri,

Please post a HJT log, so i can check it out for you.
  • 0

#4
habari42

habari42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
[quote name='usetobe' date='Jun 11 2005, 11:01 AM']
Please post a HJT log, so i can check it out for you.



Thanks. Here is the log-- the last entry is the issue. Cheers, Haba.

Logfile of HijackThis v1.99.1
Scan saved at 20:09:18, on 12/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KEYHOOK.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\SPYWARESTOPPER\SPYWARESTOPPER.EXE
C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\SPYBLOCKER.EXE
C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOC412.EXE
C:\PROGRAM FILES\SPYWAREBLASTER\SBAUTOUPDATE.EXE
C:\PROGRAM FILES\PESTPATROL\PESTPATROLCL.EXE
C:\PROGRAM FILES\SPYWAREBLASTER\SBAUTOUPDATE.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\AOL 8.0A\AOLTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\SYSTEM\keyhook.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\SPYWARESTOPPER\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\spyblocker.exe
O4 - HKLM\..\Run: [BOC-412] C:\PROGRA~1\NSCLEAN\BOCLEAN\BOC412.EXE
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\PROGRAM FILES\SPYWAREBLASTER\SBAUTOUPDATE.exe"
O4 - HKLM\..\Run: [PestPatrolCL] C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe c:\ /extensions=ALL /idle /delete
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0

#5
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Is Aol your isp? if not have you had Aol at any pint as you are running AOL 8 systray icon
  • 0

#6
habari42

habari42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
[quote name='usetobe' date='Jun 13 2005, 03:06 AM']
Is Aol your isp? if not have you had Aol at any pint as you are running AOL 8 systray icon

Yes, I have AOL 8. I don't know if there is any connection,but I have been unable to get AVG7 updates and found that the relative AVGINET.EXE had been removed from my Outpost firewall Application setting in Trusted and added into Blocked. I corrected this but it has now happened again and the same thing is
happening to WAOL.EXE and AOL.EXE,which interferes with my AOL connection. Cheers, Haba.
  • 0

#7
Guest_usetobe_*

Guest_usetobe_*
  • Guest
alrighty,


First thing we need to do is disable S&D teatimer, Pest patrol, Spyblocker, spyware stopper and Boclean, as they may be interfering with what you and i will be doing. Th 017 entry is legitimat from AOL and is not a hijacker.

Now reboot your pcc into SAFE MODE by tapping the F8 key whilst your pc boots up, select safe mode option.

Rescan with HJT and check the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup


If you or system administrator has not set policy restrictions or set in S&D, then also check the following

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Ensure no windows open except HJT and click fix checked.

Carry out a free online virus check at the following location and post the log back.

Panda Activescan

Reboot normally, rescan with HJT and post the log back
  • 0

#8
habari42

habari42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry. I'm not at all clear of your meaning when you say "or set in S&D". Could you clarify,please.? Cheers, Haba. :tazz:
  • 0

#9
Guest_usetobe_*

Guest_usetobe_*
  • Guest
have you set a policy with DSpybot S&D,, I f you do not know i woyuld therefore suggest that you haven't
  • 0

#10
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP