
Still getting popups...



#1 badfish

badfish

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 21 July 2004 - 12:33 AM

after removing hundreds of items with Ad-Aware, Xsoftspy, and Spybot S&D. My kids must have clicked on every popup they saw... :hmmm:

Here is my current log file. The ones marked are what I'm guessing needs to be fixed. I'd appreciate it if someone could confirm, or point out anything that I missed. Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 10:19:15 PM, on 7/20/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\TEMP\GTWI8.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\GCJ2S6.EXE
C:\WINDOWS\SYSTEM\GCJ2S6.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

*R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
*R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
*O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
*O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
*O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\PROGRAM FILES\COMMON FILES\MIDADDLE\MIDADDLE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
*O4 - HKLM\..\Run: [Gtwi8] C:\WINDOWS\TEMP\GTWI8.EXE
*O4 - HKLM\..\Run: [4X8JMTR5YHW7LE] C:\WINDOWS\SYSTEM\Jvy1Wb1a.exe
*O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...38051.017337963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
*O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
*O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
*O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
*O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...51/QDow_AS2.cab
*O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab

#2 Immortaldreamz

Immortaldreamz

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 21 July 2004 - 01:00 AM

*O4 - HKLM\..\Run: [Gtwi8] C:\WINDOWS\TEMP\GTWI8.EXE
*O4 - HKLM\..\Run: [4X8JMTR5YHW7LE] C:\WINDOWS\SYSTEM\Jvy1Wb1a.exe
*O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe


Those are some definite bad boys. Not sure on the rest though :)

#3 Autodad

Autodad

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 2,118 posts

Posted 21 July 2004 - 02:30 AM

Hello badfish,

Good call on the ones to remove. You also have a Peper infection.

First download the PeperFix.exe, a tool made by Option^Explicit, from here: PeperFix.exe

Click on the PeperFix.exe to launch it.

Click the Find and Fix button.

You will be prompted to reboot.

Reboot and it will delete the files.

_________________

On the Windows 98 taskbar:
Click Start > Settings > Control Panel.
In the Control Panel window, double-click Add/Remove Programs, and Remove:

"Lycos SideSearch"

_________________

Next, take a free Online Virus scan at HouseCall or eTrust or both.

_________________


Open Hijackthis, click Scan, then put a check next to the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\PROGRAM FILES\COMMON FILES\MIDADDLE\MIDADDLE.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\PROGRAM FILES\SEP\SEP.DLL

O4 - HKLM\..\Run: [Gtwi8] C:\WINDOWS\TEMP\GTWI8.EXE
O4 - HKLM\..\Run: [4X8JMTR5YHW7LE] C:\WINDOWS\SYSTEM\Jvy1Wb1a.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...51/QDow_AS2.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab



Now Close all open Windows and browsers (have only HJT open) and click "Fix Checked".

Then, reboot to Safe mode
As the computer restarts, press and hold down the F8 key until the Windows 98 startup menu appears.
And delete this file:

C:\WINDOWS\fash.exe (if still there)

And these folders:

C:\PROGRAM FILES\SEP\
C:\WINDOWS\TEMP\ <------delete all the contents in this folder.

You may have to show hidden files

Open My Computer.
Select the View menu and click Folder Options.
Select the View Tab.
In the Hidden files section select Show all files.
Click OK.

Then reboot normally, and please post a new HJT log, and let us know how you made out.

#4 badfish

badfish

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 22 July 2004 - 02:04 AM

Hi Autodad. Thanks for your help!

I ran PeperFix and it found and removed 11 files.

I also ran the Housecall virus detection and it found and removed the following:
Troj Agent.CF C:/Windows/System
Troj Small.EU C:/Windows/Temp/Bridge.exe
Troj Delf.RA C:/Browserhel... (wouldn't show the rest)
Bkdr Sandbox.A C:/Program Files/MemoryWatcher...
Bkdr B.A C:/Program Files/MemoryWatcher...
ADW Ruledor.C C:/Clrschp071.exe
Bkdr Ruledor.E C:/Csv5P072.exe

As you can see, I finally won the battle to get NAV installed on this computer. (Liveupdate was going to the wrong host and there was no option to change it) Hopefully that will eliminate future problems...

There are some new suspicious entries in my latest HJT log, though. Also, there are several subdirectories under the C:/Windows/Temp directory. Should those be deleted as well?

Logfile of HijackThis v1.97.7
Scan saved at 11:41:56 PM, on 7/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NAVROAM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SYSTEM\IEHOST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ESSEQCHK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\WMAINF16.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
*O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
*O4 - HKLM\..\Run: [p54Q36g] ESSEQCHK.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [NAVRoam] C:\PROGRA~1\SYMANTEC\LIVEUP~1\NAVROAM.EXE
*O4 - HKCU\..\Run: [Y2v4RWM7V] WMAINF16.EXE
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...38051.017337963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
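
The comparison badfish makes by eye between the first and second scans, finding which entries are new and which are gone, can be scripted. This is an added example, not part of any post in this thread; the function names are hypothetical and the two sample logs are short excerpts assembled from the logs posted above.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path".
# A leading "*" is the poster's own "suspicious" mark, not HijackThis output.
ENTRY = re.compile(r"^(\*?)\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

def parse_entries(log_text):
    """Map a case-insensitive key to (code, detail, marked) for each entry line.

    Header lines and the "Running processes" list do not match and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            star, code, detail = m.group(1), m.group(2), m.group(3).strip()
            # Windows paths are case-insensitive, so compare on a folded key.
            entries[(code, detail.casefold())] = (code, detail, bool(star))
    return entries

def diff_logs(before, after):
    """Return (added, removed) entry lists between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    return added, removed

# Excerpts assembled from the first and second logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
*O4 - HKLM\..\Run: [Gtwi8] C:\WINDOWS\TEMP\GTWI8.EXE
*O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
"""

AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\KHOOKER.EXE
*O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
*O4 - HKCU\..\Run: [Y2v4RWM7V] WMAINF16.EXE
"""

if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for code, detail, marked in added:
        print("NEW    ", code, "-", detail)
    for code, detail, marked in removed:
        print("GONE   ", code, "-", detail)
```

Autostart entries (O4) that appear between two scans taken a day apart, as here, are the ones worth reviewing first.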

#5 Autodad

Autodad

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 2,118 posts

Posted 22 July 2004 - 05:21 AM

Hi badfish,

Here are 2 links that show how to clean C:\WINDOWS\TEMP\

http://www.mvps.org/...02/delcache.htm

http://support.micro...b;en-us;q237294


You do have new entries, and it looks like you found the correct ones again.
Go to the Control Panel's Add/Remove Programs feature. Select and remove
'AM Server' and 'POP'.
Follow this link to remove PeopleOnPage

Then go to Task Manager (Ctrl + Alt + Delete) and click on "Processes" then "End Process" for these:

ESSEQCHK.EXE
WMAINF16.EXE
IEHost.exe


Then close task manager.


Open Hijackthis, click Scan, then put a check next to the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL

O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
O4 - HKLM\..\Run: [p54Q36g] ESSEQCHK.EXE
O4 - HKCU\..\Run: [Y2v4RWM7V] WMAINF16.EXE


Now Close all open Windows and browsers (have only HJT open) and click "Fix Checked".

Then, reboot to safe mode, show hidden files, and delete this folder:

C:\PROGRAM FILES\SYSAI\

And these files (if there):

C:\WINDOWS\SYSTEM\SearchBar.htm
C:\WINDOWS\SYSTEM\IEHost.exe
C:\WINDOWS\SYSTEM\ESSEQCHK.EXE
C:\WINDOWS\SYSTEM\WMAINF16.EXE


Then reboot normally and please post a new HJT log.
There is a newer version of HJT out now.
Open HJT, click Config... then Misc Tools, then Check for Update online, and get v1.98
Or you can get it here: HijackThis.exe

#6 badfish

badfish

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 22 July 2004 - 10:04 AM

It's looking pretty clean, but there is still one program that shows in the control panel list of installed programs, midADdle. When I went to remove, it wanted me to enter the uninstall code showing. I wasn't sure if this would allow it to replicate itself, so I canceled. Should I just go ahead with that uninstall?

Logfile of HijackThis v1.97.7
Scan saved at 7:56:08 AM, on 7/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NAVROAM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [NAVRoam] C:\PROGRA~1\SYMANTEC\LIVEUP~1\NAVROAM.EXE
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...38051.017337963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

#7 badfish

badfish

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 22 July 2004 - 10:23 AM

This is the log file from the newer version of HJT. It's not showing all of the same items. Also, it flashed something in the header in red text and then showed 015 Trusted Zone enumeration briefly. Normal?

Logfile of HijackThis v1.98.0
Scan saved at 8:20:25 AM, on 7/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NAVROAM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\HIJACKTHIS\HIJACKTHIS98.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [NAVRoam] C:\PROGRA~1\SYMANTEC\LIVEUP~1\NAVROAM.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

#8 badfish

badfish

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 22 July 2004 - 10:39 AM

Never mind on the midaddle. I found the folder program files/common file/midaddle and deleted it then removed it in the control panel. The HJT log is still the same as above. If I am done, you've been a great help, Autodad.
Thank you very much!

#9 Autodad

Autodad

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 2,118 posts

Posted 22 July 2004 - 04:25 PM

Hello badfish,

You're welcome!
The red Trusted Zone that comes up is normal.

Your log looks clean. Great job! :thumbsup:

Here is some free protection you should consider:
Download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies.

IESPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Check for updates occasionally.

And also see So how did I get infected in the first place?

You did good at finding the bad entries yourself.
If you're ever interested in learning more to help others, you might want to sign up for Boot Camp here at SWI.

Stay safe!
:wave:



