Free Weekly Tech Newsletter

V101 · 05-20-2004, 06:56 AM

Hi all,
Was wondering if you could spare me a bit of you time to clear up a problem Im having. Im trying to fix a friends PC which had serious virus problems. I have ran a virus scan, and Lavasoft AdAware and have included the hijackthis log below.

The scenario - Machine is running XP, used to have Norton AV, not any more, Has Kazaa and for some reason has an AOL 6.0 and AOL 6.0a folder. When you attempt to start AOL the box pops up in the centre of screen (as expected) then nothing? All other apps will work fine, and in task manager AOL isn't shown as an APP, just a process called waol.exe which has to be stopped to get rid of the box. I decided to cut my losses and uninstall AOL using Add/Remove programs but alas, that operation is also freezing. Tried to upgrade it out of interest and...... you guessed it...... that also freezes the machine.

Any thoughts greatly appreciated, thanks in advance for your time.

********************************************

Logfile of HijackThis v1.97.7
Scan saved at 20:54:37, on 19/05/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL 6.0a\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Documents and Settings\Gail\Desktop\hjtlog.exe
c:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - Global Startup: AOL 6.0 Tray Icon.lnk = C:\Program Files\AOL 6.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

*************************************************

***glc*** · 05-20-2004, 08:30 AM

MyWay is crapware, uninstall it and/or remove it with Spybot and/or Ad-Aware. Get rid of the P2P installer object.

V101 · 05-20-2004, 09:03 AM

Thanks for the response.

I removed Kazaa and thought this would get rid of the P2P. How can I get rid of that now, and out of interest, what is MyWay, Ive never heard of it.

Assuming these don't work and some of the AOL files are corrupt is there any other way I can remove AOL in order to reinstall it.

Thanks.

fatboyjim · 05-20-2004, 12:44 PM

It's one of those crap IE search/utility bar things, I think...

***glc*** · 05-24-2004, 10:02 AM

Make sure you have Ad-Aware 6.0 build 181 and it's freshly updated - run it. Also download and install Spybot Search & Destroy 1.3 and run it. Ad-Aware should have found MyWay.

V101 · 05-28-2004, 06:39 AM

I have ran Adaware V6.0 and its not picking up anything, FYI the first time I ran it it picked up 510 items

. including a few high risk ones. Going to run spy sweeper now, I'll let you know the results, still have the problem with AOL....any thoughts?

Any suggestions appreciated.

V101 · 05-31-2004, 05:32 AM

ok....SpySweeper picked up a few things here and there but nothing major, any though on how to get rid of AOL, even file by file.

05-20-2004, 06:56 AM	#1
V101 Member (4 bit) Join Date: Feb 2004 Location: Scotland Posts: 9	AOL hanging PC hijack log inc. Hi all, Was wondering if you could spare me a bit of you time to clear up a problem Im having. Im trying to fix a friends PC which had serious virus problems. I have ran a virus scan, and Lavasoft AdAware and have included the hijackthis log below. The scenario - Machine is running XP, used to have Norton AV, not any more, Has Kazaa and for some reason has an AOL 6.0 and AOL 6.0a folder. When you attempt to start AOL the box pops up in the centre of screen (as expected) then nothing? All other apps will work fine, and in task manager AOL isn't shown as an APP, just a process called waol.exe which has to be stopped to get rid of the box. I decided to cut my losses and uninstall AOL using Add/Remove programs but alas, that operation is also freezing. Tried to upgrade it out of interest and...... you guessed it...... that also freezes the machine. Any thoughts greatly appreciated, thanks in advance for your time. ****************************************** Logfile of HijackThis v1.97.7 Scan saved at 20:54:37, on 19/05/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AOL 6.0a\aoltray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\PackethSvc.exe C:\Documents and Settings\Gail\Desktop\hjtlog.exe c:\hijackthis\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file) O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - Global Startup: AOL 6.0 Tray Icon.lnk = C:\Program Files\AOL 6.0a\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab *********************************************** Share Share this post on Digg Del.icio.us Technorati Twitter

05-20-2004, 08:30 AM	#2
*glc* Forum Administrator Staff Premium Member Join Date: May 2000 Location: Joplin MO Posts: 37,771	MyWay is crapware, uninstall it and/or remove it with Spybot and/or Ad-Aware. Get rid of the P2P installer object. Share Share this post on Digg Del.icio.us Technorati Twitter

05-20-2004, 09:03 AM	#3
V101 Member (4 bit) Join Date: Feb 2004 Location: Scotland Posts: 9	Thanks for the response. I removed Kazaa and thought this would get rid of the P2P. How can I get rid of that now, and out of interest, what is MyWay, Ive never heard of it. Assuming these don't work and some of the AOL files are corrupt is there any other way I can remove AOL in order to reinstall it. Thanks. Share Share this post on Digg Del.icio.us Technorati Twitter

05-20-2004, 12:44 PM	#4
fatboyjim Member (12 bit) Join Date: Feb 2001 Location: UK Posts: 2,469	It's one of those crap IE search/utility bar things, I think... Share Share this post on Digg Del.icio.us Technorati Twitter

05-24-2004, 10:02 AM	#5
*glc* Forum Administrator Staff Premium Member Join Date: May 2000 Location: Joplin MO Posts: 37,771	Make sure you have Ad-Aware 6.0 build 181 and it's freshly updated - run it. Also download and install Spybot Search & Destroy 1.3 and run it. Ad-Aware should have found MyWay. Share Share this post on Digg Del.icio.us Technorati Twitter

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter

05-28-2004, 06:39 AM	#6
V101 Member (4 bit) Join Date: Feb 2004 Location: Scotland Posts: 9	I have ran Adaware V6.0 and its not picking up anything, FYI the first time I ran it it picked up 510 items . including a few high risk ones. Going to run spy sweeper now, I'll let you know the results, still have the problem with AOL....any thoughts? Any suggestions appreciated. Share Share this post on Digg Del.icio.us Technorati Twitter

05-31-2004, 05:32 AM	#7
V101 Member (4 bit) Join Date: Feb 2004 Location: Scotland Posts: 9	ok....SpySweeper picked up a few things here and there but nothing major, any though on how to get rid of AOL, even file by file. Share Share this post on Digg Del.icio.us Technorati Twitter

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Subscribe to THE INSIDER

Need Some Help? Type Your Keywords Here:

Still Need Help? Type Your Keywords Here:

Free Weekly Tech Newsletter