
My Hi Jack This Scan [RESOLVED]


  • This topic is locked

#46
hikeleader

hikeleader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
This is the log from the AdAware scan I ran...will do the Ewido now...
Also noticed that 3 sites were entered as "Always Allow" in my Internet Options/cookie handling..I removed them....

ArchiveData(auto-quarantine- 2005-07-29 10-36-49.bckp)
Referencefile : SE1R58 28.07.2005
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WINDUPDATES
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[66]=Regkey : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
obj[67]=Regkey : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
obj[68]=RegValue : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c} "AppID"
obj[69]=Regkey : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
obj[70]=Regkey : appid\loaderx.exe
obj[98]=Regkey : software\microsoft\windows\currentversion\uninstall\media access
obj[105]=Regkey : software\microsoft\downloadmanager
obj[106]=Folder : C:\Program Files\Media Access
obj[109]=File : C:\WINNT\system32\ide21201.vxd
obj[110]=File : C:\Program Files\media access\Info.txt

VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[71]=Regkey : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora
obj[72]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUC3n5trMsgSDisp"
obj[73]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUs3t5icky1S"
obj[74]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUs3t5icky2S"
obj[75]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUs3t5icky3S"
obj[76]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUs3t5icky4S"
obj[77]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUC1o3d5eOfSFinalAd"
obj[78]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUT3i5m7eOfSFinalAd"
obj[79]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUD3s5tSSEnd"
obj[80]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AU3N5a7tionSCode"
obj[81]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUP3D5om"
obj[82]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUT3h5rshSCheckSIn"
obj[83]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUT3h5rshSMots"
obj[84]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUM3o5deSSync"
obj[85]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUI3n5ProgSCab"
obj[86]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUI3n5ProgSEx"
obj[87]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUI3n5ProgSLstest"
obj[88]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUB3D5om"
obj[89]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUE3v5nt"
obj[90]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUT3h5rshSBath"
obj[91]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUT3h5rshSysSInf"
obj[92]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUL3n5Title"
obj[93]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUC3u5rrentSMode"
obj[94]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUC3n5tFyl"
obj[95]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUI3g5noreS"
obj[96]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\aurora "AUL3a5stSSChckin"
obj[107]=RegValue : software\microsoft\internet explorer\toolbar\webbrowser "{0E5CBF21-D15F-11D0-8301-00AA005B4383}"
obj[108]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"

PROMULGATE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[97]=Regkey : software\classes\vccpgdataaccess.pgdataaccessctrl.1

ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[99]=RegValue : S-1-5-21-2134126602-1817933973-825688854-1221\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[100]=Regkey : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
obj[101]=RegValue : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "URLInfoAbout"
obj[102]=RegValue : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "Publisher"
obj[103]=RegValue : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "HelpLink"
obj[104]=RegValue : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "Contact"
  • 0



#47
hikeleader

hikeleader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Here is report after Ewido scan in safe mode:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:31:21 AM, 7/29/2005
+ Report-Checksum: D6191E77

+ Scan result:

C:\Documents and Settings\rfl\Cookies\rfl@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\rfl\Desktop\l2mfix\backup.zip/mk3216.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\rfl\Desktop\l2mfix\backup.zip/mxclus.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\rfl\Desktop\l2mfix\backup.zip/NTTLOGON.DLL -> Spyware.Look2Me : Cleaned with backup


::Report End
  • 0

#48
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi hikeleader,


Well most of the items listed in the scan reports are MRU objects or the Most Recently Used objects. This stores the links to various files which were recently used. Something like the list of recently used files that you would see in Word / Excel / Adobe reader or any other program which stores such lists.

The Look2me infection identified was in the backup files fixed by l2mfix that we used earlier !!! You can delete the entire l2mfix folder from your desktop.

The only item that needs to be fixed is Media Access.

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

Media Access

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folder, if found -

C:\Program Files\Media Access

Let me know how it goes !!!!
  • 0
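The triage described in the reply above (MRU entries are usage history, detections inside a removal tool's backup archive are leftovers, and only live items need action) can be scripted. This is an added example, not part of the original thread: the sample lines are trimmed from the Ad-Aware and ewido logs posted here, while the `example.dll` line, the function names and the bucket names are constructed for illustration.

```python
import re
from collections import defaultdict

# Trimmed sample of the Ad-Aware quarantine log format shown in this thread.
ADAWARE_SAMPLE = r"""
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[10]=MRU FileReference : C:\Documents and Settings\rfl\Application Data\microsoft\office\recent\ASAP Utilities.LNK
obj[12]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name

WINDUPDATES
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[98]=Regkey : software\microsoft\windows\currentversion\uninstall\media access
obj[106]=Folder : C:\Program Files\Media Access

VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[108]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"
"""

# Two ewido result lines from this thread plus one constructed "live file" line.
EWIDO_SAMPLE = r"""
C:\Documents and Settings\rfl\Cookies\rfl@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\rfl\Desktop\l2mfix\backup.zip/mk3216.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\example.dll -> Spyware.Example : Cleaned with backup
"""

RULE_RE = re.compile(r"^»+$")                          # ruler under a section name
OBJ_RE = re.compile(r"^obj\[(\d+)\]=(.+?) : (.*)$")    # obj[N]=Type : target
EWIDO_RE = re.compile(r"^(.+?) -> (\S+) : (.+)$")      # path -> detection : action
ARCHIVE_RE = re.compile(r"\.(zip|rar|cab)/", re.I)     # hit is a member of an archive


def parse_adaware(text):
    """Return {section name: [(index, object type, target), ...]}."""
    sections = defaultdict(list)
    current = previous = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RULE_RE.match(line):
            current = previous          # the line above the ruler names the section
        else:
            m = OBJ_RE.match(line)
            if m and current:
                sections[current].append((int(m.group(1)), m.group(2), m.group(3)))
        previous = line
    return dict(sections)


def parse_ewido(text):
    """Return one dict per 'path -> detection : action' result line."""
    hits = []
    for raw in text.splitlines():
        m = EWIDO_RE.match(raw.strip())
        if m:
            hits.append({"path": m.group(1), "name": m.group(2), "action": m.group(3)})
    return hits


def triage(adaware_text, ewido_text):
    """Separate usage history and archived leftovers from items that need action."""
    report = {"history": 0, "families": {}, "cookies": [], "archived": [], "live": []}
    for section, objs in parse_adaware(adaware_text).items():
        if section.upper().startswith("MRU"):
            report["history"] += len(objs)      # recently-used lists, not malware
        else:
            report["families"][section] = [target for _, _, target in objs]
    for hit in parse_ewido(ewido_text):
        if ".cookie." in hit["name"].lower():
            bucket = "cookies"                  # tracking cookie
        elif ARCHIVE_RE.search(hit["path"]):
            bucket = "archived"                 # e.g. a removal tool's backup.zip
        else:
            bucket = "live"                     # file on disk outside any archive
        report[bucket].append((hit["name"], hit["path"]))
    return report


if __name__ == "__main__":
    result = triage(ADAWARE_SAMPLE, EWIDO_SAMPLE)
    print("MRU history entries:", result["history"])
    for family, targets in result["families"].items():
        print("family", family, "->", len(targets), "object(s)")
    for bucket in ("cookies", "archived", "live"):
        for name, path in result[bucket]:
            print(bucket, name, path)
```
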

#49
hikeleader

hikeleader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
curious...
no sign of Media Access in either location.

However...
See the screenshots attached.
In my add/remove I have something called OIN.......outer info network

When I click to uninstall, it spawns IE and brings me to a website asking me to complete a survey and click a button to uninstall. When I click the button it prompts me to download an uninstaller program! Needless to say I hit cancel....

Wacky stuff!

I have since implemented as many of the suggestions you made as I can.

What do you think?

Attached Files

  • Attached File  OIN.doc   108.5KB   11 downloads

  • 0

#50
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Hikeleader,


Did you read their Terms and Conditions ??? They can collect information on your surfing habits and pop-up ads consistent with your surfing habits !!!!

I wonder what such programs are called ?? Adware ?? Certainly not something that I would want.


Reboot the PC in Safe Mode. This will ensure that the program does not download anything to collect more info from your PC !!!

Run Hijack This. Click on config ---> Misc Tools. Click the Open Uninstall Manager button. Highlight the OIN entry and remove it.

Reboot the PC in normal Mode

Let me know how that goes.
  • 0

#51
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Can you also post a fresh HJT log after completing the above fix??
  • 0

#52
hikeleader

hikeleader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:47:39 PM, on 7/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WDNPSVC.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Mango\Mind\utilities\drives.exe
C:\Program Files\Mango\Mind\utilities\noticebd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\rfl\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://erpprod/cpier...iles/Login.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [MindDrives] "C:\Program Files\Mango\Mind\utilities\drives.exe" -offlinecheck
O4 - HKLM\..\Run: [MindNoticeBoard] "C:\Program Files\Mango\Mind\utilities\noticebd.exe" -newnotices
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.priv.njml...ch/XMLCache.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firs...r/mapviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cliffordpaper.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cliffordpaper.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cliffordpaper.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Mangomind Drive Repair (MindRepair) - Mangosoft - C:\Program Files\Mango\Mind\Utilities\dirtcon.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RUMBA Workstation (WdWorkstation) - Wall Data Incorporated - C:\WINNT\System32\WDNPSVC.EXE
  • 0

#53
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Rob,

Is the OIN item gone from Add or Remove Programs ???

Any other items which might seem unwanted to you ???
  • 0

#54
hikeleader

hikeleader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
it's gone, nothing else I see is unusual....
thanks again.
I'll see if anything happens next week!
  • 0

#55
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
