Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijackthis Log [CLOSED]

Started by habari42 , Jun 09 2005 01:31 PM

  • This topic is locked This topic is locked

#1
habari42
Posted 09 June 2005 - 01:31 PM

habari42

    New Member

  • Member
  • Pip
  • 8 posts
Hi. My Highjackthis log shows the an 017 item which is a Dialer Highjack/aoldsl.net. I always fix it but it always returns. I have tried adding the URL to my Spyblocker blocked list but it continues to turn up. May I have your advise please.? Cheers, Alpha. :tazz:
  • 0

Advertisements

#2
habari42
Posted 11 June 2005 - 07:36 AM

habari42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi. Further to my previous posting of 9 June, I have just done a WhoIs on aoldsl.net which links it to America Online !! This seems very odd to me for an 017 Domain Highjack item. !! Or is it.? Can someone explain,please? Cheers, Haba. :tazz:
  • 0

#3
Guest_usetobe_*
Posted 11 June 2005 - 10:01 AM

Guest_usetobe_*
  • Guest
Hi Habiri,

Please post a HJT log, so i can check it out for you.
  • 0

#4
habari42
Posted 12 June 2005 - 01:15 PM

habari42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
[quote name='usetobe' date='Jun 11 2005, 11:01 AM']
Please post a HJT log, so i can check it out for you.



Thanks. Here is the log-- the last entry is the issue. Cheers, Haba.

Logfile of HijackThis v1.99.1
Scan saved at 20:09:18, on 12/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KEYHOOK.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\SPYWARESTOPPER\SPYWARESTOPPER.EXE
C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\SPYBLOCKER.EXE
C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOC412.EXE
C:\PROGRAM FILES\SPYWAREBLASTER\SBAUTOUPDATE.EXE
C:\PROGRAM FILES\PESTPATROL\PESTPATROLCL.EXE
C:\PROGRAM FILES\SPYWAREBLASTER\SBAUTOUPDATE.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\AOL 8.0A\AOLTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\SYSTEM\keyhook.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SpywareStopper] C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\SPYWARESTOPPER\spywarestopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\spyblocker.exe
O4 - HKLM\..\Run: [BOC-412] C:\PROGRA~1\NSCLEAN\BOCLEAN\BOC412.EXE
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\PROGRAM FILES\SPYWAREBLASTER\SBAUTOUPDATE.exe"
O4 - HKLM\..\Run: [PestPatrolCL] C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe c:\ /extensions=ALL /idle /delete
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0a\aoltray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
  • 0

#5
Guest_usetobe_*
Posted 13 June 2005 - 02:06 AM

Guest_usetobe_*
  • Guest
Is Aol your isp? if not have you had Aol at any pint as you are running AOL 8 systray icon
  • 0

#6
habari42
Posted 13 June 2005 - 05:52 AM

habari42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
[quote name='usetobe' date='Jun 13 2005, 03:06 AM']
Is Aol your isp? if not have you had Aol at any pint as you are running AOL 8 systray icon

Yes, I have AOL 8. I don't know if there is any connection,but I have been unable to get AVG7 updates and found that the relative AVGINET.EXE had been removed from my Outpost firewall Application setting in Trusted and added into Blocked. I corrected this but it has now happened again and the same thing is
happening to WAOL.EXE and AOL.EXE,which interferes with my AOL connection. Cheers, Haba.
  • 0

#7
Guest_usetobe_*
Posted 13 June 2005 - 06:24 AM

Guest_usetobe_*
  • Guest
alrighty,


First thing we need to do is disable S&D teatimer, Pest patrol, Spyblocker, spyware stopper and Boclean, as they may be interfering with what you and i will be doing. Th 017 entry is legitimat from AOL and is not a hijacker.

Now reboot your pcc into SAFE MODE by tapping the F8 key whilst your pc boots up, select safe mode option.

Rescan with HJT and check the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

If you or system administrator has not set policy restrictions or set in S&D, then also check the following

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Ensure no windows open except HJT and click fix checked.

Carry out a free online virus check at the following location and post the log back.

Panda Activescan

Reboot normally, rescan with HJT and post the log back
  • 0

#8
habari42
Posted 13 June 2005 - 09:38 AM

habari42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry. I'm not at all clear of your meaning when you say "or set in S&D". Could you clarify,please.? Cheers, Haba. :tazz:
  • 0

#9
Guest_usetobe_*
Posted 13 June 2005 - 09:40 AM

Guest_usetobe_*
  • Guest
have you set a policy with DSpybot S&D,, I f you do not know i woyuld therefore suggest that you haven't
  • 0

#10
Guest_usetobe_*
Posted 07 July 2005 - 08:15 AM

Guest_usetobe_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP